Key lawmakers oppose the measure. Senate Judiciary Committee Chairman Sen. Patrick Leahy (D-Vt.) and open-government advocates think companies could use the bill to hide information about their financial weaknesses from investors. Vatis says existing laws already protect sensitive corporate data from disclosure.

David Marin, spokesman for Davis, says opposition to the bill has softened in recent months. At press time, Davis and Bennett were looking for a high-priority bill to which they could attach their proposal and guarantee its passage this year, says Marin.

The Gilmore Commission would rather have Congress create a nonprofit corporation to collect vulnerability and threat information from companies, sanitize it by removing any information that could be used to identify the source and then pass that information on to other companies and authorities. As a private entity, the nonprofit wouldn’t be subject to public disclosure laws, says Foresman. To date, lawmakers haven’t taken up the proposal, but Congress and the White House have acted on several of the commission’s other suggestions, most notably the idea to establish the Office of Home-land Defense.

Better Security, Fewer Taxes

Rep. Jerry Weller (R-Ill.) wants to give tax breaks to companies that follow information security best practices or use certified computer security products.

Weller tried unsuccessfully to get his bill, which would let companies immediately write off the cost of computer and physical security devices, in-cluded as part of an economic stimulus package that was being negotiated in Congress at press time. Instead, he decided to support another of the bill’s provisions, which would allow bigger write-offs for companies that buy any computer software during the next three years.

Weller’s spokesman, Ben Fallon, says the language in the economic stimulus bill "is really the initial salvo in this process." Weller intends to push deductions for security technology again this year. "Budget constraints wouldn’t allow it [the first time around]," Fallon says. He adds that Weller doesn’t know exactly how much his plan would cost.

"If you know you can write something off [faster], you make more sensible business decisions [about technology investments]," says Harris Miller, president of the Information Technology Association of America. "One hopes that in that decision making there is investment in security upgrades."

On the Horizon

The first homeland de-fense and antiterrorism policies affecting CIOs were enacted within weeks of Sept. 11. Others will take months or even years to develop as policy makers learn more about terrorist threats and how companies can help combat them. Even ideas with no clear congressional or White House champions today could gain support with time or political pressure. Washington heeds the squeakiest wheels, whether they are CIOs or others who may not be as well informed about CIOs’ needs.