Although CIOs won’t officially serve on the council, they can have a critical role behind the scenes working with CEOs to identify risks to the nation’s computer infrastructure as well as developing and deploying information security measures recommended by the group, according to Richard Clarke, special adviser to the president for cyberspace security. Clarke is also the head of a new committee of federal agencies called the Critical Infrastructure Assur-ance Board that will consult with the council.

At a forum on critical infrastructure protection sponsored by the government and the U.S. Chamber of Commerce last November, Clarke said that officials learned during the Y2K crisis that CEOs need to be put on the spot to make their company fix major technology problems. "You can talk to CIOs until you’re blue in the face about the importance of security, and they’ll say, ’I agree, I agree.’ But you have to reach the CEO to get the funding," Clarke says.

Strategic Cooperation: Other councils are also encouraging business and government cooperation. In its report issued in October, the Gilmore Commis-sion, a panel chartered by Con-gress three years ago to recommend domestic responses to terrorism, endorsed the idea of involving private sector, state and local executives in crafting cyberdefense strategies. George Foresman, a member of the Gilmore Commission and de-puty state coordinator of emergency management for the Commonwealth of Virginia, says a formal approach like that has advantages over the informal groups currently working with federal agencies.

It will be easier, Foresman says, for CEOs to get support and funding from corporate boards of directors and stockholders for information security projects if they can explain how these projects fit in to the big picture.

Partnerships IN Policing

Airlines will soon be required to deploy state-of-the-art computer security to prevent tampering with passenger lists?which law enforcement officials used to identify the Sept. 11 hijackers?to comply with the aviation security law enacted in November by President Bush.

The new law also paves the way for additional voluntary security measures that could result in airlines deploying new IT systems. For instance, the law authorizes the Department of Transportation to develop national requirements for a computer system that airlines would use to prescreen frequent fliers. This would free security officials to scrutinize less familiar passengers. This type of system would likely use a computer-based identification card linked to a passenger’s profile in an airline database, according to a House Aviation Subcommittee aide who worked on the bill. The aide, who requested anonymity, said that although airlines wouldn’t be required to deploy such a system, most "are itching to do this," because it would help them speed passengers through security checks.