[infowar.de] WP on the Cybersec Plan



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
http://www.washingtonpost.com/ac2/wp-dyn/A31347-2002Sep17?language=printer

U.S. to Unveil Cybersecurity Draft
White House Aims to Foster Consensus With Revised Plan

By Ariana Eunjung Cha
Washington Post Staff Writer
Wednesday, September 18, 2002; Page A13

The White House plans to release a series of draft recommendations for 
protecting the nation's computer networks today in hopes of building a 
consensus in the technology community for what needs to be done.

The Bush administration had originally hoped to produce a formal set of 
guidelines by today but found itself mired in debate over how tough to 
be. Richard A. Clarke, the president's top adviser on computer security, 
has said he will not seek legislation containing mandates if companies 
comply with his recommendations. His challenge is winning industry 
support for meaningful proposals.

"If we just come up with a government strategy without participation 
from the people who have to implement it, we're not going to get the 
level of commitment and buy-in that we need for this," Clarke said.

The report has been compiled by Clarke's staff over the past year based 
on comments from a spectrum of experts representing private industry, 
academia and the government. It is a companion piece -- the only one to 
be broken out in such a manner -- to the national security plan released 
recently by Tom Ridge's Office of Homeland Security.

The plan has been pared as the groups involved in its drafting argued 
over which recommendations were reasonable in terms of need and cost and 
which were likely to be implemented voluntarily.

The current version carries more than 80 recommendations, many of which 
center on improving communication to first prevent and then respond to 
cyberattacks, rather than fixing technical problems.

The report suggests that state, local and private groups should consider 
developing programs for educating students in "cyberethics." It also 
says the federal government should consult regularly with industry 
groups, privacy advocates, Internet service providers and a host of 
others to trade information and share new ideas.

Georgetown University professor Dorothy E. Denning, a cybersecurity 
specialist, describes the recommendations as "good common sense," while 
the Clinton administration's former privacy counselor, Ohio State 
University professor Peter Swire, described the suggestions as "good 
hygiene" rather than radical changes in how the nation approaches 
computer security.

The most concrete proposals, for which the plan even gives deadlines, 
are for the government:

The federal government should, for example, by the third quarter of 
fiscal 2003, assess whether private vendors are certified for meeting 
certain security requirements and determine whether specific action is 
necessary to promote greater use of automated security programs to 
preempt attacks.

The White House also plans to announce today the creation of a National 
Infrastructure Advisory Council made up of private and public leaders as 
well as a joint FBI-Secret Service task force to combat computer crime.

The recommendations for the private sector, however, are more general.

Of the seven suggestions, four promote greater communication between and 
within companies by doing things such as forming corporate security 
councils. One guideline says chief executives should consider regular 
security audits; another says information technology plans should be 
regularly reviewed. Still another one says companies should review 
security software for mainframes, the superfast computers that often run 
critical systems.

The plan does not take specific companies such as Microsoft Corp. or 
Cisco Systems Inc. to task for security problems with their products. 
The question of whether financial analysts should seek information about 
companies' security procedures before writing reports is a "discussion" 
point rather than a "recommendation."

There are also some tweaks in language that soften the burden on companies:

The recommendation that Internet service providers should bundle 
firewall security technology with their programs has been changed to 
suggest that home users and small businesses install firewalls and other 
security technology. Earlier drafts called for the creation of a privacy 
czar within the government; the plan now says simply that everyone 
should consider privacy issues when implementing the recommendations.

"The people charged with writing this report need to balance politics, 
economics and technology and come up with something people will listen 
to, and that's not an easy task. But I think it's unfortunate that they 
are not able to make a stronger statement," said Eugene H. Spafford, 
director of the Center for Education and Research in Information 
Assurance and Security at Purdue University.

Clarke played down the changes between versions but said part of the 
reason the report was issued in draft form was because of rumors and 
misunderstandings within the high-tech community about what would be 
published.

There will be "transparency from now on," he said. Changes now "will be 
informed by everybody in the country who has something to say about it."

Administration sources also said the delay had to do with concerns about 
not diverting attention from President Bush's main focus these days -- a 
possible invasion of Iraq.

The public will have two more months to comment on the draft. The 
president will be presented with a final copy later this year.

© 2002 The Washington Post Company



