[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] CW 19.06.02 nächste "National Strategy to Secure Cyberspace" im September
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Nettes Zitat zum Dokument:
"It's designed to be a plug-and-play type document," he said. "If we
make mistakes, we can pull that piece out and replace it in Internet
time."
-om
Bush cybersecurity strategy to be a living document
By DAN VERTON
JUNE 19, 2002
http://www.computerworld.com/securitytopics/security/story/0,10801,72108,00.html
Howard Schmidt, vice chairman of the president's Critical Infrastructure
Protection Board, attended the fourth and final White House-sponsored
"town hall meeting" on cybersecurity last night in Atlanta before the
release in September of the next version of the National Strategy to
Secure Cyberspace.
During his presentation to a packed auditorium of local Atlanta security
administrators, CIOs,
educators and legal professionals, Schmidt described what he
characterized as the unique aspects of the Bush plan. Unlike other
government planning documents, including a previous version of the
national cybersecurity strategy released in 2000 by the Clinton
administration, the Bush plan "is intended to be an online version,"
said Schmidt.
"It's designed to be a plug-and-play type document," he said. "If we
make mistakes, we can pull that piece out and replace it in Internet
time."
In addition, the Bush strategy will be to reach beyond corporate and
government users to include home users. Responding to questions from the
audience, Schmidt said that home users will be able to tap into the flow
of information about IT vulnerabilities. The document will also include
specific sections by experts from various critical sectors of the
economy, such as banking and finance, electric power, telecommunications
and emergency services.
Tom Noonan, CEO of Internet Security Systems Inc. and a panel member at
the town hall meeting, said the session lasted well beyond the two hours
originally scheduled. He noted a "genuine, albeit skeptical, interest in
participating in a public/private partnership."
Noonan said legal issues surrounding the Freedom of Information Act and
the threat of inadvertent disclosure of proprietary information remains
a major obstacle to getting most companies to work with the government.
"That's a structural issue we have to address," said Noonan. "The law
has to be fundamentally rethought. And that doesn't happen in Washington
overnight."
"This goes beyond a department of defense issue or an FBI issue,"
Schmidt said last night. "We've seen an ever-increasing number of
attacks on our critical infrastructure." If the national strategy is to
succeed, "it will take the coordinated efforts of [government, military
and private-sector companies], as well as the state and local
[agencies]," he said.
Schmidt reiterated what Richard Clarke, chairman of the Critical
Infrastructure Protection Board, has said repeatedly: that the
administration does not plan to impose more regulations on companies to
improve Internet security. "We believe the market will drive itself,"
said Schmidt.
Mary Guzman, senior vice president and regional e-business practice
manager at Marsh Inc., a New York-based insurance firm, attended the
meeting and pointed to drawbacks with the administration's approach to
the industry.
"The federal government is trying very hard not to regulate anything,"
Guzman said. "They want the market to drive the process. But there are
inherent problems with that. There still seems to be an unwillingness in
industry to put your money where your mouth is.
"The only thing that is going to change that is when there is some pain
in the pocketbook from liability lawsuits," she said. However, "it's
hard to hold somebody liable for not meeting a standard when there is no
standard."
Although the Bush administration is encouraging the private sector to
allow market forces to drive better security practices, Guzman said only
the health care and financial services industries have so far shown a
willingness to spend more on security and purchasing cyber insurance.
"And, interestingly enough, those two industries are regulated," she
said.
However, Harris Miller, president of the Arlington, Va.-based
Information Technology Association of America, said the Defense
Department is a good example of how an influential user can force
software and hardware vendors to deliver more secure products.
Next month, the Pentagon will put a new policy into effect requiring all
IT products to be tested by an independent third party for security,
said Miller. "That will change the marketplace," he said.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.