Cybersecurity strategy only a first step

National Strategy to Secure Cyberspace

The Bush administration's draft of the National Strategy to Secure Cyberspace is a necessary first step toward making the country more secure, but experts said the final version of the document needs more details and clearer priorities.

The draft includes more than 80 recommendations, and even more suggestions or "discussions" for ideas that could be turned into recommendations. The document is open for comment until Nov. 18 through the White House Web site (www.whitehouse.gov).

The draft pulled together numerous ideas, but the next step must include making sense of all the information and putting together a clear plan of action, said Scott Charney, chief security strategist at Microsoft Corp.

"For all the talking, it is important to have a document," said Charney, who served as chief of the computer crime unit at the Justice Department until earlier this year. "But you also need a process for...how to put that document into practice."

Information sharing is one area that supporters and critics of the draft agree deserves more attention. Yet for the government, sharing information is the tip of the iceberg. Agencies must develop ways to analyze the data being shared, said Andrew Purdy, senior adviser for IT security and privacy on the President's Critical Infrastructure Protection Board, which led the development of the cybersecurity strategy. Purdy made his comments at a Sept. 24 forum on cybersecurity sponsored by the Cato Institute, a Washington, D.C., think tank.

Analysis cannot happen without information, said Ken Silva, director of networks and security at VeriSign Inc. Despite creating processes for sharing critical data, such as the Information Sharing and Analysis Centers.

Action must be taken to get government and industry to improving that poor record, he said. "There is simply not enough sharing of information going on."

The effort to enhance cybersecurity has been discussed for years, but there is no objective way to determine how much the situation has improved because there are no good ways to measure those efforts.

"It'd be difficult to write performance measures, but it's a good idea," said Jim Lewis, director of technology and public policy at the Center for Strategic and International Studies.

"It's not like nothing is going on" in the security world, Charney said. "But it's a much more evolutionary process than a watershed."

If the draft becomes more action-oriented after the comment period, it could be just that — a watershed, he said.

***

Target audience

The Bush administration's National Strategy to Secure Cyberspace includes 80 recommendations for users in the following categories:

* Home computers and small businesses.

* Large businesses.

* Groups such as government, private industry and academia.

It also includes recommendations for:

* National issues and efforts.

* Global initiatives and issues.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.