Cybersecurity guide delayed

The federal government is pushing back plans to unveil a national roadmap for securing cyberspace from this summer to mid-September, President Bush's cybersecurity czar said June 10.

Richard Clarke, White House special adviser for cyberspace security, said the National Strategy to Secure Cyberspace will not be written by bureaucrats, but by people in such areas as higher education, banking, transportation, oil and gas, and state and local governments.

The effort has been under way for several months, with town hall meetings conducted in Portland, Ore., Denver and Chicago. Another is scheduled for next week in Atlanta.

Clarke spoke at the third annual Networked Economy Summit, which focused on technology security. The conference is sponsored by George Mason University's National Center for Technology and Law.

He said the number of cyber incidents is on the rise — causing $15 billion in damage last year — and they are more complex, but many businesses and public agencies are not taking it seriously and believe that it won't happen to them. For example, the Nimda worm, which alone did $2 billion in damage, hit many banking institutions that thought they were doing a good job on cybersecurity, he said.

"Well folks, digital Pearl Harbors are happening every day," Clarke said. "It could happen to any company any day.

"At any time, [the number of incidents] could spike," he said. "At any time, we could have a much more serious attack on a piece of the infrastructure or what holds the infrastructure together."

People need to move away from a "threat paradigm" to a "vulnerability paradigm," he said. Instead of reacting to an attack or impending attack, the public and private sectors should conduct a "vulnerability self-examination" at every level.

But the federal government should not regulate, dictate or take a command role in securing the Internet, he warned. That's because in cyberspace, technology and threats move rapidly and the government is not fast enough to keep up, nor does it have the expertise, he said.

Instead, he said the government should:

* Try to stimulate the economy.

* Keep encouraging information technology customers to buy products with adequate security.

* Continue talking with insurance companies to establish cybersecurity insurance based on certain criteria.

* Encourage development of standards and best practices for each sector.

* Help foster a private-sector certification program for IT security companies.

* Help create information-sharing analysis centers.

* Create education and training programs, including funding for the Cybercorps program and centers for excellence.

He also said the federal government should show the private sector the seriousness of the issue. For example, last October, federal agencies were asked to resubmit proposed budgets to include funding for IT security programs, he said. The Office of Management and Budget said certain agency programs would not be funded if agencies did not factor in security. That resulted in a 64 percent increase — representing more than $5 billion — on IT security spending.

He said the proposed Department of Homeland Security — which would house the National Infrastructure Protection Center, the Critical Infrastructure Assurance Office and the National Communications System — should create a concentration of operational, policy, outreach, and threat responsibilities in one place, pool skilled staff and perform better coordination.

But he said maybe the best way the federal government could help the issue is by being a "nudge," that is, constantly talking about the issue.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.