Information Security News mailing list archives

Cyber strategy: A starting point


From: InfoSec News <isn () c4i org>
Date: Thu, 19 Sep 2002 04:45:28 -0500 (CDT)

http://www.fcw.com/fcw/articles/2002/0916/web-strat-09-18-02.asp

By Diane Frank 
Sept. 18, 2002

The National Strategy to Secure Cyberspace that the Bush
administration released today is a draft -- a roadmap that will become
more detailed as comments are returned and expertise evolves within
government and the private sector, according to the document.

Parts of the draft strategy, developed by the Critical Infrastructure
Protection Board in cooperation with the private sector, are more
detailed than others. Recommendations for the federal government
sector include:

* That the CIO Council and relevant agencies consider creating a
  "cyberspace academy" to link federal cybersecurity and computer
  forensics training programs.

* That the Office of Management and Budget establish an Office of
  Information Security Support Services within the proposed Homeland
  Security Department to pool security resources from across
  government to support smaller and less-experienced agencies.

* That the government examine the idea of certifying private-sector
  security providers, based on the certifications being performed by
  the national security community. This could lead to limiting
  contract awards for security services to certified companies.

The Critical Infrastructure Protection Board executive branch
Information Systems Security Committee, the Office of Federal
Procurement Policy and the Federal Acquisition Regulation Council are
also examining how to improve security in the systems and solutions
that agencies procure from vendors. They are reviewing the National
Infrastructure Assurance Program's security accreditation process --
as well as its mandated implementation at the Defense Department -- to
determine the possible impact of extending the DOD requirement to
civilian agencies.

"The federal government recognizes that past efforts such as this have
failed, but believes that the heightened level of government and
consumer concerns over significant flaws in information technology
products warrants renewed efforts," the draft states.

That review will be completed by the fourth quarter of fiscal 2003.

The committee also plans to examine the viability of establishing
uniform security practices for different categories of programs and
services, falling into high, medium and low levels of risk.

The draft also includes recommendations developed by and for industry
and academia, including:

* That Internet service providers should consider adopting a "code of
  conduct" governing their security practices and interactions.

* That colleges and universities should enhance their security
  capabilities by considering the establishment of one or more
  information sharing and analysis centers, empowering their chief
  information officers, adopting best practices, and creating model
  awareness and training materials.

The entire draft strategy is available online at
www.securecyberspace.gov, and the board is asking for comment through
that Web site by Nov. 18. The board also plans to hold eight more town
hall-style meetings across the country to solicit comment and
reaction. All of that information will be incorporated into the draft
to create a complete strategy that will be approved by President Bush.


