Cybersecurity strategy only a first step

National Strategy to Secure Cyberspace

The Bush administration's draft of the National Strategy to Secure Cyberspace is a necessary first step toward making the country more secure, but experts said the final version of the document needs more details and clearer priorities.

The draft includes more than 80 recommendations, and even more suggestions or "discussions" for ideas that could be turned into recommendations. The document is open for comment until Nov. 18 through the White House Web site (www.whitehouse.gov).

The draft pulled together numerous ideas, but the next step must include making sense of all the information and putting together a clear plan of action, said Scott Charney, chief security strategist at Microsoft Corp.

"For all the talking, it is important to have a document," said Charney, who served as chief of the computer crime unit at the Justice Department until earlier this year. "But you also need a process for...how to put that document into practice."

Information sharing is one area that supporters and critics of the draft agree deserves more attention. Yet for the government, sharing information is the tip of the iceberg. Agencies must develop ways to analyze the data being shared, said Andrew Purdy, senior adviser for IT security and privacy on the President's Critical Infrastructure Protection Board, which led the development of the cybersecurity strategy. Purdy made his comments at a Sept. 24 forum on cybersecurity sponsored by the Cato Institute, a Washington, D.C., think tank.

Analysis cannot happen without information, said Ken Silva, director of networks and security at VeriSign Inc. Despite creating processes for sharing critical data, such as the Information Sharing and Analysis Centers.

Action must be taken to get government and industry to improving that poor record, he said. "There is simply not enough sharing of information going on."

The effort to enhance cybersecurity has been discussed for years, but there is no objective way to determine how much the situation has improved because there are no good ways to measure those efforts.

"It'd be difficult to write performance measures, but it's a good idea," said Jim Lewis, director of technology and public policy at the Center for Strategic and International Studies.

"It's not like nothing is going on" in the security world, Charney said. "But it's a much more evolutionary process than a watershed."

If the draft becomes more action-oriented after the comment period, it could be just that — a watershed, he said.

***

Target audience

The Bush administration's National Strategy to Secure Cyberspace includes 80 recommendations for users in the following categories:

* Home computers and small businesses.

* Large businesses.

* Groups such as government, private industry and academia.

It also includes recommendations for:

* National issues and efforts.

* Global initiatives and issues.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.