Executives complain about software vulnerability

Wednesday, May 19, 2004 Posted: 3:51 PM EDT (1951 GMT)

 

WASHINGTON (AP) -- Chief executives from some of the largest U.S. companies are criticizing the technology industry in a lobbying campaign, accusing them of selling software vulnerable to hackers and too difficult for consumers to use safely.

The complaints by the Business Roundtable, a trade group for executives of 150 of America's largest corporations, reflect exasperation by companies over the expense and hassle of keeping their computer networks safe for consumers. The group cites estimates from the nation's banks and savings institutions that attacks by viruses and worms cost that industry more than $1 billion a year.

In its campaign starting Wednesday, the Business Roundtable urges technology companies to improve software design, make software products easier to manage and continue to offer support for products after updated versions are on the market. The group also acknowledges that executives and corporate directors should be involved in making companies' networks more secure.

"Up until now, the IT suppliers have deflected criticism and redirected criticism to end users," said Marian Hopkins, director of the group's security task force. "It's time that IT suppliers and manufacturers stepped up to the plate."

A former White House official responsible for cybersecurity, Paul Kurtz, noted the significance of the Business Roundtable, whose members include traditional manufacturers, pressing for better security. Most previous such proposals have involved leading technology firms; the Roundtable's members include Coca-Cola, Alcoa, Boeing, Burlington Northern, Deere and General Motors.

"These are Rust Belt companies. Now you have traditional industry saying this is important," said Kurtz, now head of the Washington-based Cyber Security Industry Alliance. He said Internet security "requires good products from suppliers and good maintenance on the part of the users."

The roundtable's assertions mirror popular criticisms by some consumer groups and security experts. The Bush administration is considering plans to improve the nation's cybersecurity, based on broad proposals adopted last year.

"We would challenge the software industry to create products that are easier to use, where security is a default component of the software," Hopkins said. "It shouldn't require somebody with a technology degree to manage a home computer."

Technology representatives bristled at the group's central complaint, noting enormous increases in money spent by software companies to make products more resilient and easier to defend from hackers.

"Cybersecurity is everyone's responsibility, including the vendors, the users, enterprises and government agencies," said Greg Garcia of the Information Technology Association of America, one of the industry's leading trade groups. "No serious commentary will say that the user has no responsibility. We all have responsibilities to lock our doors in our homes and to buckle up when we get in our cars."

Both groups, however, said they oppose government mandates on security.