Cyber-Security Plan Counts on Private Sectors Input - Page 2
This most recent draft of the national strategy is considered to be very similar to the final document that President Bush approved and signed recently, according to sources familiar with the process. The strategy is due for release within the next couple of weeks, although no exact date has been announced. The final version of the plan differs greatly from the preliminary draft released for comment by the Presidents Critical Infrastructure Protection Board in September under the direction of out-going PCIPB director Richard Clarke.The new document also removes much of the language in the original draft that advocated using so-called market forces to pressure software vendors to make their products more secure. Instead, it recommends that "the software industry should consider promoting more secure out-of-the-box installation and implementations of their products, including increasing user awareness of the security features in products, ease-of-use for security functions and where feasible, promotion of industry guidelines and best practices that support such efforts." Interestingly, the new version also includes a section discussing the need for the United States to be able to respond to cybersecurity events in kind. "When a nation, terrorist group or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution," the strategy says. "The United States reserves the right to respond in an appropriate manner, including through cyber warfare. The United States will be prepared for such contingencies." Officials of the PCIPB did not return calls seeking comment.
Search for more stories by Dennis Fisher
Read more stories on President Bushs Cyber-Security Plan
Read more security stories
The original draft was divided into five sections covering home users and small businesses, large enterprises, critical sectors, national priorities and global issues. The final version is organized along five cyberspace security priorities: a national cyberspace security response system, a national cyberspace security threat and vulnerability reduction program, a national cyberspace security awareness and training program, securing governments cyberspace, and international cyberspace security cooperation. Where the original draft was heavy on recommendations and suggestions, the final version uses much stronger language, in many cases issuing directives to various government agencies.