Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on National cybersecurity plan omits industrymandates

From: Dave Farber <dave () farber net>
Date: Tue, 07 Jan 2003 06:30:08 -1000

------ Forwarded Message
From: Ted Bridis <tbridis () ap org>
Organization: The Associated Press
Date: Tue, 07 Jan 2003 11:16:05 -0500
To: dave () farber net
Subject: RE: [IP] National cybersecurity plan omits industrymandates


[IP] National cybersecurity plan omits industry mandates<<


Dave, Gov't Executive's review of the administration's latest plan for
cyber-security missed at least one change that I found curious:
eliminating an earlier, formal proposal to consult regularly with
privacy experts. In the September draft (available at
http://www.whitehouse.gov/pcipb/) there was a section of explicit
proposals (See Recommendations R-36, -37 and -38) dedicated to "Privacy
and Civil Liberties," all of which have been eliminated as formal
proposals from the latest draft, as far as I can tell. It will be
interesting to see whether the privacy provisions are added back in
before this latest draft is made public.

http://news.yahoo.com/news?tmpl=story2&cid=528&ncid=528&e=3&u=/ap/200301
06/ap_on_go_pr_wh/securing_cyberspace

White House Trims Cyber-Security Plan

By TED BRIDIS
Associated Press Writer

WASHINGTON - The Bush administration has reduced by nearly half its
initiatives to tighten security for vital computer networks, giving more
responsibility to the new Homeland Security Department and eliminating
an earlier plan to consult regularly with privacy experts.
        
An internal draft of the administration's upcoming plan also eliminates
a number of voluntary proposals for America's corporations to improve
security, focusing instead on suggestions for U.S. government agencies,
such as a broad new study assessing risks.

"Governments can lead by example in cyberspace security," the draft
said. 

The draft, circulating among government offices and industry executives
this week, was obtained by The Associated Press. President Bush was
expected to sign the plan, called the National Strategy to Secure
Cyberspace, and announce the proposals within several weeks.

The new draft pares the number of security proposals from 86 to 49.
Among changes, the draft drops an explicit recommendation for the White
House to consult regularly with privacy advocates and other experts
about how civil liberties might be affected by proposals to improve
Internet security. 

The draft notes that "care must be taken to respect privacy interests
and other civil liberties," and it noted that the new Homeland Security
Department will include a privacy officer to ensure that monitoring the
Internet for attacks would balance privacy and civil liberties concerns.


"It's perplexing," said James X. Dempsey of the Washington-based Center
for Democracy and Technology. "This administration is constantly on the
receiving end of criticism on privacy issues. This looks like another
example of willfully raising privacy concerns. They should know better
by now." 

An official for the White House cyber-security office declined to
comment, saying the latest draft hasn't yet been published.

The draft obtained by the AP puts the new Homeland Security Department
squarely in the role of improving Internet security, proposing to use it
to launch some test attacks against civilian U.S. agencies and to
improve the safety of automated systems that operate the nation's water,
chemical and electrical networks.

The new version also makes it more clear than ever that the Defense
Department can wage cyber warfare if the nation is attacked. The
administration said previously that government "should continue to
reserve the right to respond in an appropriate manner."

The new draft cautions that it can be difficult or even impossible to
trace an attack's source. But it warns that the government's response
"need not be limited to criminal prosecution. The United States reserves
the right to respond in an appropriate manner, including through cyber
warfare," it said. 

The new version also puts new responsibilities on the CIA and FBI to
disrupt other countries from using cyber tactics to collect intelligence
on government agencies, companies and universities.

The administration published an early version of its plan in September -
weeks before Congress voted to create the Homeland Security Department -
with 86 recommendations for at home users, small businesses,
corporations, universities and government agencies.

Critics, even the InfraGard national organization of private security
experts established by the FBI, seized on the lack of new regulations
that would have mandated better security practices but could have
required America's largest corporations to spend millions for
improvements. 

"We felt that there was a significant security improvement that could be
made most easily through regulation," the InfrGard group wrote to the
White House. "In many cases the deeply held conclusion was that the same
result could not be reached in the absence of new regulation."

The draft, however, continues to refute the need for any new
regulations, saying mandates for private industry would violate the
nation's "traditions of federalism and limited government." It said
broad regulations would hamstring security by creating a "lowest
common-denominator approach" and could result in even worse security.



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: