Feds Revise Cyber-Security Plan
Current version of the draft contains less detail and fewer specific recommendations than previous drafts, say sources.Critics who called the governments draft plan for improving cyber-security toothless and overly broad are likely to be sorely disappointed by the next version when its released within the next few weeks. A current version of the document circulating in Washington contains even less detail and fewer specific recommendations than did the original draft released last September, say sources. The document also reflects the Bush administrations propensity to avoid regulation and mandates in favor of using market forces and other unofficial methods of influencing industry decisions. Richard Clarke, the chairman of the Presidents Critical Infrastructure Protection Board, which is writing the national strategy, has said repeatedly that he plans to use the governments purchasing power to buy more secure software and hardware products. He hopes that this will, in turn, force vendors to improve the security of their offerings in order to have a shot at some of the billions of dollars that federal agencies spend annually on IT purchases.
"Theres going to be less command-and-control and more of a market-driven approach," said Mark Rasch, senior vice president and chief security counsel at security vendor Solutionary Inc., based in Omaha, Neb., who has been in close contact with people in the White House regarding the national strategy. "The problem with that strategy is, we already have that. We already have exactly the level of security that the market dictates."