Tech Firms Shift Stance on Security Regulation

In a surprise shift, leading software companies acknowledge in a report to the Bush administration that government might need to force the U.S. technology industry to improve the security of America’s computer networks.

The companies, including Microsoft Corp. and Computer Associates International Inc., said the Homeland Security Department “should examine whether tailored government action is necessary” to compel improvements in the design of computer software.

The 250-page report containing that recommendation and dozens more was to be released today. It cautions that government should require security improvements only when market forces fail. It also said firms are demanding software that is safer and more resilient to attacks.

But the report said the most sensitive computer networks -- such as those operating banks, telephone networks or water pipelines -- “may require a greater level of security than the market will provide.”

In those cases, they recommend “appropriate and tailored government action that interferes with market innovation on security as little as possible.”

The public acknowledgment that any level of new government regulation might be needed to improve software security represents an important shift by the technology industry.

“That’s a big lean in the right direction,” said research director Alan Paller of the SANS Institute in Bethesda, Md., a computer security organization.

The suggestions were solicited by the Homeland Security Department in December.