The new aviation law is one example of legislation or regulations, whether passed or pending, that enlist the private sector to help government agencies ferret out terrorist suspects or thwart future attacks?using IT to do so. Eventually, the government could impose requirements, or at least strong incentives, for companies in many industries to report data, screen customers or deploy specific information security measures, even if there aren’t any proposals currently on the drawing board, says Vatis.

Keeping an Eye on Imports: Another bill in the works, the Customs Border Security Act sponsored by Rep. Philip Crane (R-Ill.), would require importers to send electronic cargo and crew manifests to the U.S. Customs Service for every shipment that crosses the border. Similar to airline passenger prescreening, electronic shipping manifests would enable logistics companies to bypass time-consuming border inspections by allowing customs officials to build profiles of low-risk shipments and carriers, according to Bill Primosch, director for international business policy with the National Association of Man-ufacturers. Officials could then pay more attention to suspicious cargo or unfamiliar shippers.

Sandra Scott, international trade and customs advocate with Akron, Ohio-based Road-way Express, says many large shipping companies such as hers already have information systems that maintain this data for their own purposes. She says her industry has argued for electronic shipping manifests for years because it would eliminate wasteful paperwork. Delays in modernizing the Customs Ser-vice’s computer systems have stymied deploying that type of system, but homeland defense concerns have now made the project a high priority, says Scott. At press time, an aide to Crane said that passage of the bill was likely this year.

Rules of Disclosure

The Sept. 11 attacks have improved the chances for passage of a bill that would limit the legal liability of companies that disclose their security vulnerabilities to government officials or share them with competitors. The government needs information about network intrusions in order to accurately assess threats to the nation’s critical infrastructure and issue warnings when appropriate.

Sen. Robert Bennett (R-Utah) and Rep. Tom Davis (R-Va.), sponsors of this proposal, say more companies would provide that data if they were convinced the public or antitrust prosecutors couldn’t get hold of it and sue them for alleged negligence with corporate data or collusion.

Concerns about legal ramifications "need to be taken off the table," says John Puckett, former CIO with Toysmart.com and GTE Internetworking, and now vice president of business development with Polaroid. Puckett is also a member of the Private Sector Council, which gives federal agencies advice on using IT. Puckett thinks the proposal by Bennett and Davis would encourage companies to share information, much like a similar law?which shielded companies from being sued if they disclosed their Y2K weaknesses?convinced executives to admit to those problems. The bill would prohibit government agencies from releasing any security-related information in responses to Freedom of Infor-mation Act requests.