It is clear from the privacy recommendations in the national plan that the government expects a measure of criticism over the security provisions in the strategy. One section discusses the often-problematic relationship between security and privacy but offers little in the way of solutions. "At times there may be apparent tension between security and privacy values," the section reads. "Where tensions do arise, an active and open communication process must exist for evaluating the competing interests rigorously and thoughtfully, and identifying solutions.""All of these [recommendations] are good ideas," Dempsey said. "It depends upon what the report says about things like data retention, data mining and how you handle intrusion detection." The governments plan includes numerous proposals aimed at expanding the governments security efforts as well as expanding its electronic surveillance capabilities. According to the plan, the administration wants to establish a centralized facility for collecting and examining data traffic in search of security threats. The plan also encourages private operators to accelerate data gathering. All this is aimed at improving the state of government and private-sector network security, which is a source of much consternation for federal security officials. Many in Washington feel that the focus on security in the past year has yielded few tangible results. "Its a little better, not much," Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board, which spearheaded the strategy, told eWeek. "I think taking [these] different federal organizations and merging them into the Department of Homeland Security and giving them a decent budget [will help]. That organization is going to be the pointy end of the spear defending us from cyber-attacks." Aside from the new department, the government is working quietly on several fronts to tighten security. Clarke has been collaborating with major ISPs and the Defense Advanced Research Projects Agency to help secure IPv6, the next version of Internet Protocol. Theres also been work on securing the Internets Domain Name System and Border Gateway Protocol. Howard Schmidt, vice chairman of the PCIPB, said the degree to which risk has been minimized varies from network to network. "CIOs and internal auditors have been working hard, but this is a complex issue," Schmidt told eWeek. "I think what we have minimized is the risk of anybody exploiting known vulnerabilities to do long-term sustainable damage." Related stories:
Bushs Cyber-Security Plan Targets E-Mail
How Real Is the Threat?
Clarke Lambastes Software Industry
Editorial: Security: The Feds Can Help
Congress Zeros In on Cyber-security
Cyber-Security Czar Gives IT a Wake-Up Call
Jim Dempsey, deputy director of the Center for Democracy and Technology, in Washington, said that the privacy recommendations are positive on their face but do not necessarily outweigh the harm to privacy other segments of the strategy could raise.