Hacks? What Hacks?Sen. Robert Bennett (R-Utah), the Senate’s computer security point man, wants you to start reporting hacks of your company networks to the government. But he thinks you need a little incentive. His plan? To pass a new law that exempts any information that businesses share on hacks from disclosure under the Freedom of Information Act (FOIA).It sounds reasonable enough. The government needs this information to understand why attacks occur and to develop better security protections. FOIA is a law that lets the public request internal government documents?like memos about Gulf War veterans’ illnesses or FBI files about criminal gangs. Companies fear that if reports of their security weaknesses are aired publicly (the press is a major FOIA user), the information would cast doubt on their future health and their stock prices could slide. Bennett’s critics, however, see a slippery slope, leading to companies covering up problems that investors and customers should know about. Scott Armstrong, a journalist and founder of the National Security Archive, says it’s not clear how the government would define what constitutes protected information about a network intrusion. Hypothetically, a software company could use such a law to cover up that it knew there were vulnerabilities in its product before it was sold but did nothing about it. Armstrong thinks most information that companies would legitimately want to keep secret is already protected by existing FOIA exemptions. The statute shields proprietary information about companies and data about law enforcement investigations. At press time, Bennett was planning to introduce his bill this summer. Similar legislation sponsored by Reps. Tom Davis (R-Va.) and Jim Moran (D-Va.) went nowhere last year, but the idea has influential friends. Backers include companies in the banking, telecommunications, electricity and IT industries. For more on this issue, see “Break Glass, Pull Handle, Call FBI” (June 1, 2001). -Stephanie Viscasillas The Man to See About IT PolicyJohn Graham, head of The Harvard Center for Risk Analysis, is a leading skeptic of the value of government regulation. And he’s the man President Bush hopes to put in charge of deciding which regulations?including those relating to IT policy?go on the books. If he’s instated he’ll pass judgment on everything from whether agencies will put their forms online to what companies have to do to protect the privacy of financial or medical data they keep about customers.Graham, whose confirmation by the Senate as head of the Office of Information and Regulatory Affairs (OIRA) was imminent at press time, is controversial. He’s taken strong stands against some regulations, like proposals to prohibit using cell phones while driving, arguing their costs outweigh their benefits. And he’s been criticized for kowtowing to companies that fund his research (consumer advocates jumped on the fact that AT&T had funded his cell phone research). Meanwhile, some detractors contend he’s ill-qualified to make IT policy. Gary Bass, executive director of OMB Watch, a government watchdog group, thinks the OIRA head should have some technology expertise (Graham is a professor of policy and decision sciences). No past OIRA administrators have been technologists, though former Presi-dent Clinton’s appointee, Sally Katzen, was an expert in telecommunications law. At his confirmation hearings in May, Graham said he simply calls things as he sees them. No senators on the Governmental Affairs Committee asked for his views on IT issues during the confirmation hearings, and he didn’t volunteer any. -S. Viscasillas Related content brandpost Sponsored by SAP When natural disasters strike Japan, Ōita University’s EDiSON is ready to act With the technology and assistance of SAP and Zynas Corporation, Ōita University built an emergency-response collaboration tool named EDiSON that helps the Japanese island of Kyushu detect and mitigate natural disasters. By Michael Kure, SAP Contributor Dec 07, 2023 5 mins Digital Transformation brandpost Sponsored by BMC BMC on BMC: How the company enables IT observability with BMC Helix and AIOps The goals: transform an ocean of data and ultimately provide a stellar user experience and maximum value. By Jeff Miller Dec 07, 2023 3 mins IT Leadership brandpost Sponsored by BMC The data deluge: The need for IT Operations observability and strategies for achieving it BMC Helix brings thousands of data points together to create a holistic view of the health of a service. By Jeff Miller Dec 07, 2023 4 mins IT Leadership how-to How to create an effective business continuity plan A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood, or cyberattack. Here’s how to create a plan that gives your business the best chance of surviving such an By Mary K. Pratt, Ed Tittel, Kim Lindros Dec 07, 2023 11 mins Small and Medium Business Small and Medium Business Small and Medium Business Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe