Will the White House make a difference in computer security? The President's Office of Management and Budget recently sent out a directive to federal chief information officers to secure their Windows PCs. In what some said could have ripple effects well beyond Washington, the White House sent out a memorandum on March 22 that instructed all federal agencies (PDF) to adopt standard security configurations for Windows XP and Windows Vista by February 1.
"If the government states that it is only going to buy systems that are more secure, that sends a terrific signal," said Larry Clinton, president of the Internet Security Alliance, a group that represents large corporate technology users. "It is a significant step. All the technology providers will now have to adapt their products to meet those standards."
Under the directive, technology providers who want to sell to the government will have to certify that their products work with specially-configured systems.
"Common security configurations provide a baseline level of security, reduce risk from security threats and vulnerabilities, and save time and resources," Karen Evans, an OMB administrator, wrote in a memo to federal CIOs on March 20.
According to Evans' memo, by adopting the standard configurations, federal agencies can improve system performance, decrease operating costs, and ensure public confidence in the confidentiality, integrity and availability of government information.
But at least one analyst described the move as just a minor development.
"On the one hand, every little thing matters; on the other hand, this is a little thing," said Pete Lindstrom, a Burton Group analyst. "Standard configurations are pretty obviously useful; global 2000 companies have been doing this for about 10 to 15 years now."
The Sans Institute, which specializes in computer security training, disagreed and instead applauded the government's move. The $65 billion that the U.S. government is putting into IT purchasing each year will be an enormous incentive for technology providers to deliver products that work on secured systems, which will also benefit users outside the government, Alan Paller, director of research at Sans, wrote on the organization's Web site.