Page Two

By Chris Gonsalves  |  Posted 2003-02-14 Print this article Print

: With Little Fanfare, Feds Unveil Cyber Plan"> Still, the core of the new plan is cooperation and information sharing—both sensitive subjects for the private sector. Past information-sharing concepts, not sponsored by the government, have centered on organizations such as the industry-specific Information Sharing and Analysis Centers and the FBIs InfraGard. However, these and other plans have lacked a good definition of the kind of data the government needs and how its going to be handled once its submitted. As such, security experts say this time around, the government would do well to make such distinctions. "Sharing information [on vulnerabilities] reveals nothing that would make a company look bad in front of its customers," said Stuart Schechter, a security researcher at Harvard University, in Cambridge, Mass., and co-author of a paper on the benefits of information sharing. "Even revealing that youve seen a vulnerability exploited doesnt reveal that this has resulted in a successful attack. Better statistics on just how many systems are broken into because systems arent patched would be nice to know—but most of us know where these systems fail. Better numbers on losses from attacks would certainly be useful."
However, some security experts are pessimistic about the chances for widespread cooperation.
"History has shown that unless theyre forced to, people wont reveal any information, for obvious reasons," said Avi Rubin, associate professor of computer science and technical director of the Information Security Institute at Johns Hopkins University, in Baltimore. "On the other hand, we still dont have good protective measures yet. They need to allocate more funding to research. They should let those of us who know what were doing do it." Referring to the contentious history of the plan, Bush today said, "Securing cyberspace is an extraordinarily difficult strategic challenge that requires a coordinated and focused effort from our entire society—the federal government, state and local governments, the private sector, and the American people." "To engage Americans in securing cyberspace, a draft version of this strategy was released for public comment, and ten town hall meetings were held around the Nation to gather input on the development of a national strategy," the president added. "Thousands of people and numerous organizations participated in these town hall meetings and responded with comments. I thank them all for their continuing participation. Safety in numbers The national strategy focuses on five areas deemed crucial to network security:
  • Priority 1: Build a national security response system
  • Priority 2: Create a threat and vulnerability reduction program
  • Priority 3: Develop a national security training program
  • Priority 4: Secure governments cyberspace
  • Priority 5: Enhance international cooperation
  • eWEEK Special Report: Bushs Cyber-Security Plan
  • National Strategy to Secure Cyberspace


    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters

    Rocket Fuel