Bolstering cyber defensesCorporations demand enhanced cybersecurity

Busiensses demand better cybersecurity, and to advance the cause of better security some big hitters joined to found the Jericho Forum, headquartered in San francisco and named after the Battle of Jericho, in which the Israelites encircled the city until the city walls came tumbling down. The corporate members of the forum hope that, together, they can work to boslter corporate cybersecurity so that hackers and others with nefariuos intentions will not be able to bring the cybersecurity walls down. Currently, corporate security perimeters, says Paul Simmonds, Jericho’s chairman, “loo[k] like Swiss cheese.” Simmonds is also the CISO of Imperial Chemical Industries, a London-based multinational which sells starch and paints. BaselineSecurity’s Deborah Gage quotes him to say that he and other corporate officers such as himself are caught between the demands of their businesses to put more and more holes in their firewalls — for joint ventures, suppliers, customers — and still keep their corporations secure. Turning off the Web is not an option, but they do not have good tools to protect themselves either, Simmonds says, and “we rapidly came to the conclusion that if we didn’t change the mindset of the [high-tech] industry and start talking about the issues affecting us, we would not get the products we need.”

The Jericho Forum started in 2005 and for a year kept vendors out so they could define their issues themselves. There are now more than 100 members, mostly from the Fortune 500, among them Johnson & Johnson, Proctor & Gamble, Novartis, British Petroleum, and several large banks. Membership is weighted toward companies headquartered in Europe, possibly because Europeans routinely work across national boundaries and confronted the security problems earlier, Simmonds says. Also, the European Union is more strict about protecting data and privacy. The United States, though, drives the high-tech industry, so on 11 September 2007 the Jericho Forum will present a blueprint for a corporate security architecture at the InfoSecurity conference in New York City. Vendors — including IBM, Cisco, Hewlett-Packard, Motorola, and Qualys (the first vendor allowed in) — are now working with Jericho to develop products. One focus is federated identity and access management, which Simmonds says is impossible given today’s porous corporate borders.

Jericho lives under the auspices of the Open Group, so all products will be based on open standards. Good solutions are also coming from nonmembers, he says, including Walmart, which is driving adoption of the AS2 protocol to exchange information with its suppliers. The ultimate goal of the Jericho Forum is to disband in two years. By then, members hope, it will no longer be needed.