Cybersecurity strategy only a first step

National Strategy to Secure Cyberspace

The Bush administration's draft of the National Strategy to Secure Cyberspace is a necessary first step toward making the country more secure, but experts said the final version of the document needs more details and clearer priorities.

The draft includes more than 80 recommendations, and even more suggestions or "discussions" for ideas that could be turned into recommendations. The document is open for comment until Nov. 18 through the White House Web site (www.whitehouse.gov).

The draft pulled together numerous ideas, but the next step must include making sense of all the information and putting together a clear plan of action, said Scott Charney, chief security strategist at Microsoft Corp.

"For all the talking, it is important to have a document," said Charney, who served as chief of the computer crime unit at the Justice Department until earlier this year. "But you also need a process for...how to put that document into practice."

Information sharing is one area that supporters and critics of the draft agree deserves more attention. Yet for the government, sharing information is the tip of the iceberg. Agencies must develop ways to analyze the data being shared, said Andrew Purdy, senior adviser for IT security and privacy on the President's Critical Infrastructure Protection Board, which led the development of the cybersecurity strategy. Purdy made his comments at a Sept. 24 forum on cybersecurity sponsored by the Cato Institute, a Washington, D.C., think tank.

Analysis cannot happen without information, said Ken Silva, director of networks and security at VeriSign Inc. Despite creating processes for sharing critical data, such as the Information Sharing and Analysis Centers.

Action must be taken to get government and industry to improving that poor record, he said. "There is simply not enough sharing of information going on."

The effort to enhance cybersecurity has been discussed for years, but there is no objective way to determine how much the situation has improved because there are no good ways to measure those efforts.

"It'd be difficult to write performance measures, but it's a good idea," said Jim Lewis, director of technology and public policy at the Center for Strategic and International Studies.

"It's not like nothing is going on" in the security world, Charney said. "But it's a much more evolutionary process than a watershed."

If the draft becomes more action-oriented after the comment period, it could be just that — a watershed, he said.

***

Target audience

The Bush administration's National Strategy to Secure Cyberspace includes 80 recommendations for users in the following categories:

* Home computers and small businesses.

* Large businesses.

* Groups such as government, private industry and academia.

It also includes recommendations for:

* National issues and efforts.

* Global initiatives and issues.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected