B2B mulls security response to terrorism

There's no stampede to change business-to-business e-commerce and collaboration systems in light of this month's terrorists attacks, although some technology observers say increased security should be undertaken.

One new service to help do this comes from electronic payment company CyberSource Corp. The company on Monday will announce its Export Compliance service that helps B2B and consumer e-commerce companies comply with government anti-terrorist export regulations.

The service automatically adds the names that appear on government lists of people and organizations banned from exporting U.S. goods to its electronic payment authorization and fraud screening software. The denied parties screen in that software is an automated, real-time crosscheck of online or call center orders against U.S. Office of Foreign Assets Control's Specially Designated National and Denied Persons lists that include terrorists, blocked individuals or organizations.

In addition to the screen, CyberSource, of Mountain View, Calif., uses shipping address and the geographic locations of e-mail domains to protect digital product delivery from embargoed countries or to accommodate business distribution rules, according to officials. In addition to patriotic benefits, the service will help protect businesses from incurring any fines for transacting with people the government has outlawed, CyberSource officials said.

Collaboration concerns
However, screening is only one aspect of doing business in a B2B environment. Collaboration over the Internet-particularly when it comes to teaming up in the design of military or other security-sensitive products-is logically an area of concern. For instance, Northrop Grumman Corp. shares jet design data with Lockheed Martin Corp. using B2B collaboration software from SDRC as part of the Joint Strike Fighter program. Northrop Grumman officials declined to comment.

Jim Heppelmann, chief technology officer at Parametric Technologies Corp., which designs the collaborative technology used in government projects, said he is not concerned about trading classified documents over the Internet.

"We're not using the public Internet for classified information exchange; [rather] it would be some type of virtual private network," said Heppelmann. "Once you look at it, [a VPN] can be even more secure than Fed Ex. But you may have to spend more money for a VPN and encryption."

Despite privacy advocates' concerns that the Bush administration's proposed anti-terrorism legislation could have a chilling effect on e-commerce, in general B2B software users and vendors alike are not overly concerned that they will be adversely affected.

Attorney General John Ashcroft has requested that the FBI be allowed to monitor all of the communications of a person rather than just a single telephone-a request stemming from the widespread use of wireless phones. He also wants law enforcement to be able to obtain blanket federal wiretap authorization, rather than being forced to receive authorization from each jurisdiction where an investigation takes place.

"I don't think that anyone feels that the government spying on a company or reading an e-mail is going to be a threat to any company," said PTC's Heppelmann, in Needham, Mass. "Most companies are not trying to use the Internet for evil ends. They're just trying to get business done. They don't feel a big threat from the government-I don't feel that they are going to steal my designs. Sitting here as a CTO, I'm not losing sleep over it."

Don LaValle, director of strategic business operations and IT at Sharp Electronics, said that even though his company spent $2 million on B2B initiatives over the last two years, it won't be affected by whatever security legislation is passed because it does only about 1 percent of its business over the Internet. In addition, Sharp, which supplies major electronics companies like Cisco Systems Corp., knows its customers.

"Any time we do any real true B2B, it's done through a secured link. And we know who the person is that we are doing business with," said LaValle.

Ariba Inc. acting CEO Keith Krach is more sanguine about the fallout from the attacks. "I don't think this will adversely affect online commerce, quite the opposite--I think it will make it even more secure for the companies and countries that are now banded together in the fight against terrorism," he said.

B2B boon?
PTC's Heppelmann believes that the recent terrorist events might even be a boon to B2B collaboration over the Internet as more companies look for ways to communicate without getting on a plane.

PTC does not have any current plans to beef up security in its software. What Heppelmann said he will do is make sure that PTC's applications support security technology and behaves well in a VPN.

Others are not as comfortable that the B2B environment will remain untouched by legislation. Jim Ehrenreich, senior manager of cybercrime prevention at PricewaterhouseCoopers in New York, sees a second set of issue around B2B security standards developing.

"Further down the road we will have to address cyber-attacks as one of the many things [terrorists may perpetrate]," said Ehrenreich. "There is a cost associated with that. Who is going to pay? The government? I doubt it. Private sector? I doubt it. That will impact the bottom line, in terms of security. To have businesses raise their security will cost a lot of money."