[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Kevin Poulsen/Securityfocus zur National Strategy
Eine weitere von vielen Kritiken. Poulsen war selber mal Hacker und ist
heute Journalist, u.a. für Wired, The Register und SecurityFocus.
Cybersecurity Plan Offends No One
The White House's strategy to secure cyberspace adopts a hands-off
approach. Critics say that's not enough.
By Kevin Poulsen, Sep 18 2002 6:26PM
PALO ALTO, Calif.--The White House formally unveiled a public draft of
its national cybersecurity plan at Stanford University here Wednesday to
an invitation-only audience of technology company CEO's and security
industry bigwigs, and a crush of media.
Introducing it as the product of an "unprecedented partnership" between
the private sector and government, Richard Clarke, chairman of the
President's Critical Infrastructure Protection Board (PCIPB), said the
National Strategy to Secure Cyberspace is a step towards preventing
serious cyber attacks in the future. "On this issue, when we know there
are vulnerabilities, and we know some of the solutions, let us work
together as a country... to solve these vulnerabilities before there's a
Ten months in the making, the 64-page strategy urges home computer users
to take responsibility for their own security by purchasing anti-virus
software and personal firewalls, and includes scores of other
recommendations for businesses, law enforcement and academia. At the
same time it carefully avoids any hint of possible regulation, even of
critical infrastructure providers like electric utilities and telephone
companies. Proposals to establish best practices in cybersecurity, or to
create new private sector information sharing organizations are
introduced as ideas that industry "should consider," a phrase that's
repeated 74 times in the strategy.
"It is not about government regulation to achieve cybersecurity, rather
let the market forces make the changes for us," said Howard Schmidt,
vice chair of the PCIPB, and former security chief at Microsoft.
Harris Miller, president of the Information Technology Association of
America called the White House plan "the most comprehensive and serious
attempt to date" to address cybersecurity, and praised its hands-off
approach. "Industry owns and operates most of these infrastructures and
is the natural steward for their safety, working in conjunction with the
Public Comments Sought
But other experts call the plan toothless. "There's nothing in it, it's
sixty pages of nothing," says Mark Rasch, an independent cybersecurity
consultant, and one-time head of the Justice Department's computer crime
division. "They were so anxious to keep a consensus that they took out
anything that anyone would object to... There isn't a proposal in here
that would call for any legislation to enact it, that would require
anybody to do anything affirmatively, or punish them for failing to do
The draft strategy can be downloaded from the White House's Web site,
and will be open for public comment for two months before going to the
president for signature. "We had ten months of public comment that was
'tell us something,'" Clarke said after the event. "What we want now is
specific comment on a specific set of proposals."
The two-hour forum introducing the strategy at times had the feel of a
slightly-overlong awards show, with high-ranking representatives of a
variety of government agencies and industries taking turns on the stage
to praise the document and the process that produced it, sometimes
making their own announcements tied to the event.
FBI director Robert Mueller and U.S. Secret Service director Brian
Stafford -- heads of agencies with some historic rivalry -- took podiums
on either wing of the stage to deliver a joint talk on the need for
better cybersecurity. Handing-off to one another like dual presenters at
the Oscars, the directors announced the formation of a pilot program to
create joint task forces in several cities, with Secret Service and FBI
agents working side-by-side to crack cybercrimes.
The Department of Energy released a guide to securing SCADA systems --
remotely operated equipment that the strategy identifies as a weakness
in power and water systems. And the Federal Trade Commission put in a
plug for "Dewie the e-Turtle," a Smokey the Bear-like cartoon character
that reminds consumers that only they can stop computer viruses and
hackers from taking over their computer.
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.