National cybersecurity plan omits industry mandates

[Dave Farber <dave () farber net>]

Government Executive
January 6, 2003
National cybersecurity plan omits industry mandates
By Bara Vaida and William New , National Journal's Technology Daily

The latest version of the national cybersecurity plan expected to be
presented to President Bush within the next month encourages the private
sector to do more to protect the Internet but without mandates on industry,
which had been proposed in the initial draft released publicly last
September.


Internet service providers (ISPs) will not be required to build a
centralized system to enable broad monitoring of the Internet; rather, they
will be encouraged to develop a national network operations center (NOC)
that could complement a federal cybersecurity response team that is to be
developed in the Homeland Security Department, according to a copy of the
plan obtained by National Journal's Technology Daily.

"In substance, the latest draft isn't all that different from September,"
said one high-tech industry source who viewed the latest version.
"Stylistically, it's much different in that it is much better written,
simpler and more straightforward. If you ticked off the items in this draft
compared to the other, however, there aren't that many differences."


The administration has been gathering comments on the first draft and has
addressed issues raised in those comments, including suggestions that the
plan more clearly state that it does not seek to regulate the private
sector.


Late last month, The New York Times reported that the Bush administration
was planning to propose requiring that ISPs build a central monitoring
system of the Internet, raising fears that the strategy had become more
regulatory. However, the version that has been circulating within the
high-tech sector since December says only that private-sector organizations
focused on cybersecurity "should consider the benefits of creating an
entity or center with a synoptic view of the health of cyberspace on a 24
by 7 basis."


The creation of such an operations center will continue to face resistance
from companies that have made a business by monitoring cyberspace for
specific clients, a high-tech lobbyist said. Richard Clarke, the special
adviser to Bush on cybersecurity and chief architect of the strategy, "just
hasn't made a good enough case that a NOC is necessary ... when it is
already being done in the private sector," the lobbyist said.

The strategy states that "federal regulation will not be used as a primary
means of securing cyberspace" but also emphasizes that the federal
government cannot protect the Internet alone.


On the international front, the draft still makes a strong pitch for global
cooperation but adds that the United States "reserves the right to respond
in an appropriate manner, including through cyberwarfare." It also stresses
stronger U.S. counterintelligence efforts in cyberspace, improvements in
attributing cyberattacks to their sources, and better interagency
coordination.


Other points emphasized in the latest version include:


A Cyber Warning and Information Network to allow government officials and
the private sector to discuss cyber threats.

Tests to determine the impact cyberattacks would have on processes in
various agencies.


A program to manage the information flow and to protect the information on
threats to critical infrastructures that companies voluntarily submit.


A public-private task force to recommend the implementation of the new
Internet protocol, IPv6 in the United States.

Annual priorities for cyber-security research and development and periodic
reviews of emerging cyber-security technologies.

An information and analysis center for universities and colleges because
they have among the most powerful computing systems in the nation.

A task force of public and private-sector officials to identify ways that
information technology providers, other organizations and the government
can reduce the burden on home users and small businesses in securing their
computer systems.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/