I White House Releases Cybersecurity Plan

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: "Denning, Dorothy USA" <dedennin () nps navy mil>
Date: Fri, 14 Feb 2003 10:07:02 -0800
Subject: White House Releases Cybersecurity Plan

The National Strategy to Secure Cyberspace is at
http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf .
 
The Washington Post, Feb. 14, 2003

 To view the entire article, go to
http://www.washingtonpost.com/wp-dyn/articles/A7970-2003Feb14.html
   
 By Brian Krebs

 The Bush administration today quietly released a scaled-back cybersecurity
strategy outlining steps government, industry and citizens should take to
protect computer systems from online attacks.
 
 The strategy, which President Bush signed on Jan. 31, has been in
development since shortly after the Sept. 11, 2001, terrorist attacks. The
majority of the document directs the government to lead by example by
tightening the security of federal information systems.
 
 One section of the plan encourages government contingency planning for
cybersecurity attacks, including a disaster recovery plan in the event that
a major node on the Internet is disabled. Among other cybersecurity
defenses, it calls for a network operating center to monitor the health of
the Internet and detect attacks and virus outbreaks before they cause much
damage.
 
 The plan also calls on home and small business computer users to install
firewall and anti-virus software. It also calls for the creation of a
public-private dialogue to devise ways that the government can reduce the
burden of
security on home users and businesses.
 
 Older versions of the plan suggested halting the use of wireless networks
in federal and civilian agencies until their security was improved. The
final version says only that federal agencies should follow wireless
security guidelines outlined by the National Institute of Standards and
Technology.
 
 Other ideas in the plan include the possible development of a
"cyberspace academy," White House partnerships with the organizations
that manage the Internet's architecture and information analysis
centers at higher-learning institutions.
 
 "We have a strategy and that's good. The key now is execution," said
Daniel Burton, vice president of government relations at Entrust Inc., an
Internet security services firm based in Dallas.
 
 Burton said that the plan is strong on government cybersecurity
protections, but "silent" on what the private sector can do. "The
private sector controls 85 percent of critical infrastructure. Unless
the private sector voluntarily steps up and really strengthens its
info security governance, we're going to see government mandates," he
said.
 
 The White House released the document on the Office of Homeland Security's
Web site this morning, the same time world attention was focused on the
United Nations debate on Iraq's disarmament.
 
 The quiet release stands in stark contrast to original plans to release the
cybersecurity strategy at a Silicon Valley event.  The administration had
picked Sept. 19, 2002, as the plan's original release date, inviting
numerous high-tech luminaries to attend a ceremony at Stanford University in
Palo Alto, Calif. Two days before that date, however, the White House
postponed the release, saying the plan needed more input from the business
community.
 
 The White House decided against a high-profile ceremony because of its
ongoing focus on possible war with Iraq.
 
 "There is potential that if things heat up with Iraq that we may just
want to get this out and not do big hurrah," an administration
official said earlier this week.
 
 The strategy's release comes at a time when the government's cybersecurity
bureaucracy is in a state of major change.  Two weeks ago, White House
cybersecurity czar Richard Clarke resigned from his post. The position is
now filled by Clarke's deputy, former Microsoft Corp. Chief Security Officer
Howard Schmidt.
 
 The White House also has been unable to fill top leadership posts at the
Homeland Security Department's division charged with protecting the
Internet and other communications systems from attacks.
 
 The administration's first choice to run the Information Analysis and
Infrastructure Protection Division was former Defense Intelligence
Agency Director James Clapper. Clapper, a retired Air Force lieutenant
and the head of the National Imagery and Mapping Center, unexpectedly
pulled his name from consideration.
 
 John Tritak, former director of the Critical Infrastructure Assurance
Office, is a likely pick as deputy undersecretary for infrastructure
protection at the Homeland Security Department, though he recently
left government service.
 
 Another noted name in online security, Ron Dick, director of the FBI's
cyber threat and warning bureau, also recently resigned from government
service. 
 
 Today's release of the strategy comes three days after the FBI's National
Infrastructure Protection Center warned of a possible increase in "global
hacking activities" because of U.S.-Iraqi tension. The administration also
is
considering ways to mount coordinated cyberattacks against enemy
computer networks, The Washington Post reported last week.
 



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/