IDG’s CIO and Darwin Magazines Partner with US Critical Infrastructure Assurance Office (CIAO) to Convene Government and Business to Assess National Information Security Efforts in Public Forum

WASHINGTON, MARCH 22,2001- Dr. Condoleezza Rice, National Security Advisor to the President of the United States, today delivered her first public address at CIO and Darwin magazines' Internet Security Policy Forum II: "Understanding Risk and U.S. Economic Security". The forum was the finale to a three-day meeting of the Partnership for Critical Infrastructure Security (PCIS), organized by the US Critical Infrastructure Assurance Office (CIAO) and the U.S. Chamber of Commerce.


In her address, Dr. Rice announced that critical infrastructure protection is a priority for the Bush Administration. The Administration is looking at the most effective ways to organize the government to support and address this issue. "We are talking about a collaborative partnership between public and private sector that is unprecedented in our history," said Rice. "This is a unique problem and it is going to require a unique solution." Dr. Rice added that the government has no plans use regulation as a means to accomplish infrastructure protection.

Dr. Rice's speech was followed by an interactive panel discussion moderated by Arthur Miller, Harvard Law Professor, legal expert and former legal correspondent for ABC's "Good Morning America." Representative Robert Goodlatte (VA) delivered closing remarks, followed by Senator Robert Bennett (UT) who commented on how security risks impact our nation's growth and announced steps the U.S. Senate will take to improve national critical infrastructure protection and insure economic security in 2001 and 2002.

Private Industry Responds to U.S. Information Systems Protection Plan:

At the forum, Ken Watson (Board President of the PCIS and Manager of Critical Infrastructure Assurance for Cisco Systems, Inc.) unveiled top business leaders' report of action steps taken to respond to the US Government's "invitation to dialogue" in its National Plan for protecting US Information Systems. (The National Plan, created during the Clinton Administration and being reviewed by the Bush Administration, outlines the US government's strategy for protecting critical infrastructure networks from disruption and attack.)

Key accomplishments from the PCIS include:

1.) Engagement of all eight industry sectors (Banking and Finance; Electric Power; Information and Communications; Oil and Gas; Water; Transportation Emergency Services; and Government Services): One year ago, none of the industry sectors were providing action plans to the National Plan. Now, all sectors are contributing to the Plan, underscoring the level of security concerns and the importance of critical infrastructure protection.

2.) Identification of cyber-legislative issues: For the purpose of developing accurate and informed industry sector action plans, PCIS examined and identified six legislative issues associated with cyber security: Freedom of Information Act (FOYA); antitrust; liability; encryption; cost recovery; and economic espionage and trade secrets.

3.) Identification of holes in critical infrastructure protection (CIP) research: PCIS examined the CIP research initiatives of government, businesses and academic organizations to identify gaps and overlaps in research efforts. Findings indicate there are several research gaps, most notably in how different industry sectors depend on each other and what the consequences of related disruptions are.

According to PCIS Board President, Ken Watson, "Establishment of the PCIS illustrates the importance we in industry place on critical infrastructure protection … it's an economic issue for us. The ultimate goal is to assure the delivery of critical services to our customers and citizens … in the face of new threats."

CIO Magazine Unveils New Security Self Assessment Tool:

Recognizing the need for security review resources, CIO magazine, in partnership with @Stake, today unveiled a new instrument that enables business organizations to determine the impact a hacker attack would have on their company. Available at, the CIO Security Worksheet is a self-assessment tool for companies to identify their areas of weakness and learn steps they can take to improve their company's security.

According to Abbie Lundberg, CIO magazine editor in chief, "Many organizations are struggling to get their arms around security protection. The CIO Worksheet serves as that tough coach you had as a kid…it will point out your biggest flaws, then get you thinking about how to fix them. This tool is especially helpful to small and medium sized companies that don't have big budgets for security consultation."

Adds Mudge, VP of Research and Development at @stake, "With security at the forefront for businesses, it is vital that organizations have an understanding of what risks they are willing to take when it comes to their own security. The CIO Security Worksheet will help organizations identify their trouble spots and prioritize their list of security action items."

The CIO Security Worksheet asks site visitors a series of questions about their company, its core business information assets, where information is stored, how it is accessed and who has access to it. The Worksheet also asks about security policies and response-to-attack plans, as well as company size and gross revenue. Once information is compiled, the worksheet provides a summary report that ascertains a company's security problem areas and recommends steps for improvement. Technology and business professionals can access the Security Worksheet from's Security Research Center or go by typing the following URL:

In addition to the CIO Security Worksheet, CIO magazine will soon launch an online "Ask the Experts" forum, where site visitors can address their security questions and concerns to a rotatating group of security experts (including Mucge and Sandra Long). Launching on April 1, the "Ask the Experts" forum will be accessible at:

Partnership for Critical Infrastructure Security (PCIS) Holds Annual Meeting:

The Partnership is a consortium of private industry sectors whose purpose is to work collaboratively with Government to address risks to the Nation's critical infrastructures and assure the delivery of essential services over the nation's critical infrastructures. These infrastructures include energy, financial services, transportation, communications and information services, and vital human services, such as health, safety and water. The Partnership serves as a forum in which to draw individual industry sector efforts together to facilitate a dialogue on cross-sector interdependencies, explore common approaches and experiences, and engage other key professional and business communities that have an interest in infrastructure assurance. By doing so, the Partnership raises awareness and understanding of, and to serve, when appropriate, as a catalyst for action among, the owners and operators of critical infrastructures, risk management and investment communities, and other members of the business community, and state and local governments.

CIO and Darwin Magazines Partnered with CIAO for Unique Reasons:

CXO Media, Inc., publisher of CIO and Darwin magazines, partnered with the CIAO to develop a series of events that build awareness of Internet security issues and risks. Having a common interest to increase international awareness about technology risks (including cyber-terrorism, cyber-crime and business continuity), the two organizations represent a unique pairing of government and media. According to the Report of the President of the United States on the Status of Federal Critical Infrastructure Protection Activities, "CXO Media, Inc., publishers of CIO Magazine (CIO audiences) and Darwin (CEO audiences), is cooperating with the CIAO in a partnership to raise awareness and understanding of the issue of information security and management, targeting specifically CIOs and CEOs of Fortune 5000 companies. As part of this cooperation, CXO Media Inc. and CIAO co-sponsor two Internet Security Policy fora, specifically on information security related policies and strategies…" CXO Media, Inc. is a founding membe

r of the PCIS.

According to Lew McCreary, Editorial Director and Executive Vice President of CXO Media and Editor in Chief of Darwin, "CXO and CIAO share the goal of informing business and political leaders about information security risks and better preparing them for attack. This unique partnership provides opportunities for both organizations to reach a wide-ranging number of executives who are grappling with security concerns and looking for solutions."

John Tritak, Director, Critical Infrastructure Assurance Office, Department of Commerce, adds,

"With CIAO's connection to our nation's government leaders and CXO's connection to our nation's business leaders, we can bring political and business leaders together and make some real progress."

Internet Security Policy Forum II Panelists:

* Michael P. Cangemi, President and COO, Etienne Aigner, Inc.; Editor-in Chief, Information Systems Control Journal;

* Richard A. Clarke, National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism, United States;

* Craig Goldberg, President and CEO Internet Trading Technologies;

* Sandra F. Long, Deputy Secretary of Maryland Department of Business and Economic Development (DBED);

* Jim McNulty, President and CEO, Chicago Mercantile Exchange Inc.;

* Mudge, Vice President of Research and Development, @stake;

* Margaret Purdy, Associate Deputy Minister, Department of National Defence, and responsible for the Office of Critical Infrastructure Protection (CIP)and Emergency Preparedness, Government of Canada;

* Howard Schmidt, Board Member, PCIS, Chief Security Officer, Microsoft;

* Ken Watson, Board President, PCIS, Manager, Critical Infrastructure Assurance Group, Cisco Systems, Inc;

About CIO and Darwin Magazines:

CIO magazine (launched in 1987) and Darwin magazine are published by CXO Media Inc. CXO Media serves CIOs, CEOs, CFOs, COOs and other corporate officers who use technology to thrive and prosper in this new era of business. The company strives to enhance partnerships between C-level executives, as well as create opportunities for information technology (IT) and consumer marketers to reach them. In addition to publishing CIO and Darwin, CXO Mediproduces, The CIO Insider and websites, as well as CIO and Darwin Executive Programs, a series of conferences that provide educational and networking opportunities for corporate and government leaders. Both CIO and Darwin magazines are nominated for the 2001 Jesse H. Neal Awards, the "Pulitzer Prize" of business publishing.

CXO Media Inc. is a subsidiary of IDG, the world's leading IT media, research and exposition company. IDG publishes more than 300 computer magazines and newspapers and 4,000 book titles and offers online users the largest network of technology-specific sites around the world through (, which comprises more than 270 targeted websites in 70 countries. IDG is also a leading producer of 168 computer-related expositions worldwide and provides IT market analysis through 50 offices in 43 countries worldwide. Company information is available at

About The Critical Infrastructure Assurance Office (CIAO):

The CIAO was created in response to Presidential Decision Directive 63 (PDD-63) in May 1998. CIAO's basic mission, as articulated in PDD-63, is to coordinate national planning activities related to critical infrastructure protection; develop awareness in the private and public sectors for establishing sound security practices; and support the development of a public-private partnership through educational outreach and other related activities. The program focuses on the assurance of our critical infrastructures such as energy, financial, telecommunications, transportation and water systems, continuity of government, and emergency services such as medical, police, fire and rescue. The CIAO is an inter-agency organization located at the U.S. Department of Commerce and information is available at

NOTE: The entire Internet Security Policy Forum II event was webcast live and archived on and