[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] USA: Cybersicherheitsplan verzoegert sich
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
http://www.fcw.com/fcw/articles/2002/0610/web-cyber-06-11-02.asp
Cybersecurity guide delayed
BY Dibya Sarkar
June 11, 2002
The federal government is pushing back plans to unveil a national
roadmap for securing cyberspace from this summer to mid-September,
President Bush's cybersecurity czar said June 10.
Richard Clarke, White House special adviser for cyberspace security,
said the National Strategy to Secure Cyberspace will not be written by
bureaucrats, but by people in such areas as higher education, banking,
transportation, oil and gas, and state and local governments.
The effort has been under way for several months, with town hall
meetings conducted in Portland, Ore., Denver and Chicago. Another is
scheduled for next week in Atlanta.
Clarke spoke at the third annual Networked Economy Summit, which
focused on technology security. The conference is sponsored by George
Mason University's National Center for Technology and Law.
He said the number of cyber incidents is on the rise ? causing $15
billion in damage last year ? and they are more complex, but many
businesses and public agencies are not taking it seriously and believe
that it won't happen to them. For example, the Nimda worm, which alone
did $2 billion in damage, hit many banking institutions that thought
they were doing a good job on cybersecurity, he said.
"Well folks, digital Pearl Harbors are happening every day," Clarke
said. "It could happen to any company any day.
"At any time, [the number of incidents] could spike," he said. "At any
time, we could have a much more serious attack on a piece of the
infrastructure or what holds the infrastructure together."
People need to move away from a "threat paradigm" to a "vulnerability
paradigm," he said. Instead of reacting to an attack or impending
attack, the public and private sectors should conduct a "vulnerability
self-examination" at every level.
But the federal government should not regulate, dictate or take a
command role in securing the Internet, he warned. That's because in
cyberspace, technology and threats move rapidly and the government is
not fast enough to keep up, nor does it have the expertise, he said.
Instead, he said the government should:
* Try to stimulate the economy.
* Keep encouraging information technology customers to buy products
with adequate security.
* Continue talking with insurance companies to establish cybersecurity
insurance based on certain criteria.
* Encourage development of standards and best practices for each
sector.
* Help foster a private-sector certification program for IT security
companies.
* Help create information-sharing analysis centers.
* Create education and training programs, including funding for the
Cybercorps program and centers for excellence.
He also said the federal government should show the private sector the
seriousness of the issue. For example, last October, federal agencies
were asked to resubmit proposed budgets to include funding for IT
security programs, he said. The Office of Management and Budget said
certain agency programs would not be funded if agencies did not factor
in security. That resulted in a 64 percent increase ? representing more
than $5 billion ? on IT security spending.
He said the proposed Department of Homeland Security ? which would
house the National Infrastructure Protection Center, the Critical
Infrastructure Assurance Office and the National Communications System ?
should create a concentration of operational, policy, outreach, and
threat responsibilities in one place, pool skilled staff and perform
better coordination.
But he said maybe the best way the federal government could help the
issue is by being a "nudge," that is, constantly talking about the
issue.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.