Originally, the Bush administration had hoped to release a final version of the plan by 18 September. However, the final document carries the words "Draft" and "For Comment," the remnants of ongoing negotiations between some companies -- which have reportedly complained about onerous security measures that previous drafts had required -- and the government. Yet the need for industry cooperation seems to have caused the plan to become more of an educational tool than a policy blueprint. The decision to release the draft didn't come as a surprise. Clarke has repeatedly called the national strategy a "process." The introduction to the National Strategy document reiterates the idea: "The Strategy is not written in stone," read the draft released Wednesday. "The President's Critical Infrastructure Protection Board (PCIPB) plans to periodically issue, online, new releases of the strategy as it evolves." While officials at the event disputed claims that the plan has backed off from many prescriptions at the behest of industry, a few of the plan's recommendations fall short of previous comments by Clarke. Two months ago, Clarke lambasted the lack of security in wireless LANs (local area networks) as a major vulnerability in the nation's Internet infrastructure, but in the draft released Wednesday, the plan recommends only that federal agencies "be mindful of the security risks when using wireless technologies." President Bush appointed Clarke in October 2001 as the lead coordinator for the administration's Internet security efforts. Clarke had served as National Coordinator for Security, Infrastructure Protection, and Counter-terrorism during the Clinton administration from May 1998. As part of Clarke's investiture, President Bush also signed Executive Order 13231, authorizing a program for the continuous protection of critical infrastructure. To showcase the progress made so far toward organizing the government and industry's response to cyberattack, the government brought out the 11 leaders of the information sharing and analysis centers (ISACs) for each critical infrastructure. Such infrastructures include electricity, oil and gas, surface transportation, and information technology. The directors of both the FBI and the Secret Service also spoke for the need to secure the nation's infrastructure. They pointed out that Sept. 18 is not the anniversary of the terrorist attacks on the World Trade Center and the Pentagon but the anniversary of the economically painful Nimda virus. Robert Mueller, director of the FBI, said that the virus attack is an indication of what may come. "Computer networks do more than connect systems; they run the business of our daily lives," he said. "Entrepreneurs and engineers aren't the only ones that recognize the potential of the Internet; criminals do as well." To that end, the directors announced that their agencies would be working more closely together, by sharing information and by having the FBI take more of a role in the Electronic Crimes Task Force, a quarterly meeting held in various U.S. cities to help train local computer security personnel. Howard Schmidt, vice chairman of the President's Critical Infrastructure Protection Board, also announced the creation of the National Infrastructure Advisory Council, a board of industry leaders that will advise the board of security issues. Executives from 40 companies, including Intel, Symantec, Akamai Technologies, Nasdaq, American Airlines, eBay and Pfizer Global, will have a seat on the council. Industry plaudits
In statements sent to reporters on Wednesday afternoon, tech companies expressed general support for the White House's strategy. "This plan recognises that everyone who uses a computer has a role and a stake in securing the networks that drive nearly every aspect of our daily lives and the world's economy," said Robert Holleyman, president of the Business Software Alliance, which represents large software companies like Adobe Systems, Apple Computer and Microsoft. "It also recognizes the need to give everyone a voice in developing the very complex solutions." Entrust said the strategy was timely. "Today marked a significant step in our nation's efforts to establish enhanced Internet security," said Bill Conner, the company's chairman and chief executive. "The White House Strategy underscores the serious nature that cybersecurity threats pose, not only to our critical infrastructures, but ultimately to our economy and our citizens. More importantly, today's demonstration represents a critical step within the federal government to secure cross-agency information sharing." VeriSign VeriSign chief executive Stratton Sclavos called it a good start. "The Bush administration has laid out the beginnings of a comprehensive plan for government, industry and citizens to work together in an unparalleled manner to ensure that the digital commerce and communications we rely on every day can be trusted," Sclavos said. "The White House has set the direction -- now it is time for industry leaders, policymakers, concerned groups and individuals to work together to ensure that progress is made." The Center for Strategic and International Studies, a hawkish think tank in Washington with close ties to the military, called the report flawed because it did not demand new laws or regulations aimed at Internet companies. CSIS is headed by John Hamre, defense secretary under President Clinton, who spent years warning of "the future electronic Pearl Harbor that might happen to the United States" if extreme measures were not taken. "Cybersecurity is too tough a problem for a solely voluntary approach to fix," said James Lewis, director of the CSIS Council on Technology and Public Policy. "Companies will only change their behavior when there are both market forces and legislation that cover security failures. Until the US has more than just voluntary solutions, we'll continue to see slow progress in improving cybersecurity." CSIS analyst Arnaud de Borchgrave, a former editor in chief of the Washington Times and United Press International, warned that a "cyberattack" was just around the corner. "It is later than we think. The next generation of transnational terrorists understands that a hand on a mouse can be more lethal than a finger on the trigger," said de Borchgrave, who co-authored a report that concluded: "Cyberattacks now arise whenever disputes occur anywhere in the world...Can cyberterrorism and cyberwar be far behind?" The full 64-page cybersecurity plan is available here. News.com's Declan McCullagh contributed to this report.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
