[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] WP zum Cybersec-Plan
U.S. to Unveil Cybersecurity Draft
White House Aims to Foster Consensus With Revised Plan
By Ariana Eunjung Cha
Washington Post Staff Writer
Wednesday, September 18, 2002; Page A13
The White House plans to release a series of draft recommendations for
protecting the nation's computer networks today in hopes of building a
consensus in the technology community for what needs to be done.
The Bush administration had originally hoped to produce a formal set of
guidelines by today but found itself mired in debate over how tough to
be. Richard A. Clarke, the president's top adviser on computer security,
has said he will not seek legislation containing mandates if companies
comply with his recommendations. His challenge is winning industry
support for meaningful proposals.
"If we just come up with a government strategy without participation
from the people who have to implement it, we're not going to get the
level of commitment and buy-in that we need for this," Clarke said.
The report has been compiled by Clarke's staff over the past year based
on comments from a spectrum of experts representing private industry,
academia and the government. It is a companion piece -- the only one to
be broken out in such a manner -- to the national security plan released
recently by Tom Ridge's Office of Homeland Security.
The plan has been pared as the groups involved in its drafting argued
over which recommendations were reasonable in terms of need and cost and
which were likely to be implemented voluntarily.
The current version carries more than 80 recommendations, many of which
center on improving communication to first prevent and then respond to
cyberattacks, rather than fixing technical problems.
The report suggests that state, local and private groups should consider
developing programs for educating students in "cyberethics." It also
says the federal government should consult regularly with industry
groups, privacy advocates, Internet service providers and a host of
others to trade information and share new ideas.
Georgetown University professor Dorothy E. Denning, a cybersecurity
specialist, describes the recommendations as "good common sense," while
the Clinton administration's former privacy counselor, Ohio State
University professor Peter Swire, described the suggestions as "good
hygiene" rather than radical changes in how the nation approaches
The most concrete proposals, for which the plan even gives deadlines,
are for the government:
The federal government should, for example, by the third quarter of
fiscal 2003, assess whether private vendors are certified for meeting
certain security requirements and determine whether specific action is
necessary to promote greater use of automated security programs to
The White House also plans to announce today the creation of a National
Infrastructure Advisory Council made up of private and public leaders as
well as a joint FBI-Secret Service task force to combat computer crime.
The recommendations for the private sector, however, are more general.
Of the seven suggestions, four promote greater communication between and
within companies by doing things such as forming corporate security
councils. One guideline says chief executives should consider regular
security audits; another says information technology plans should be
regularly reviewed. Still another one says companies should review
security software for mainframes, the superfast computers that often run
The plan does not take specific companies such as Microsoft Corp. or
Cisco Systems Inc. to task for security problems with their products.
The question of whether financial analysts should seek information about
companies' security procedures before writing reports is a "discussion"
point rather than a "recommendation."
There are also some tweaks in language that soften the burden on companies:
The recommendation that Internet service providers should bundle
firewall security technology with their programs has been changed to
suggest that home users and small businesses install firewalls and other
security technology. Earlier drafts called for the creation of a privacy
czar within the government; the plan now says simply that everyone
should consider privacy issues when implementing the recommendations.
"The people charged with writing this report need to balance politics,
economics and technology and come up with something people will listen
to, and that's not an easy task. But I think it's unfortunate that they
are not able to make stronger statement," said Eugene H. Spafford,
director of the Center for Education and Research in Information
Assurance and Security at Purdue University.
Clarke played down the changes between versions but said part of the
reason the report was issued in draft form was because of rumors and
misunderstandings within the high-tech community about what would be
There will be "transparency from now on," he said. Changes now "will be
informed by everybody in the country who has something to say about it."
Administration sources also said the delay had to do with concerns about
not diverting attention from President Bush's main focus these days -- a
possible invasion of Iraq.
The public will have two more months to comment on the draft. The
president will be presented with a final copy later this year.
© 2002 The Washington Post Company
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.