The White House on Wednesday released a draft of its cybersecurity plan, a document that many critics are already saying is too tepid and watered-down to have any real effect on the countrys network security.
Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board, has been planning for several months to release the National Strategy to Secure Cyberspace at a high-level event in Silicon Valley. But the board instead released a draft of the strategy and will go back to private industry and public sector experts to seek more suggestions for the final plan.
The delay was necessary "so that everyone in the country can see it, so that everyone in the country can tell us what the national strategy should be," Clarke said during the announcement of the drafts release at Stanford University in Palo Alto, Calif., Wednesday. There will be a 60-day public-comment period, after which the PCIPB will wade through the suggestions and produce a final version of the strategy, likely by years end.
In addition to the release of the draft, Clarke also announced the appointment of 27 business, academic, law enforcement and government leaders to the new National Infrastructure Assurance Council. The council will advise President Bush on security matters and will have until Nov. 18 to submit input on the plan. After that input is considered and incorporated, Bush will release the plan himself.
Also, the FBI and the Secret Service announced a new joint task force to improve the investigation of cybercrimes.
The strategy comprises a set of recommendations for improving information security in the public and private sectors and is divided into five levels: home users, large enterprises, critical sectors, national priorities and global. Only the section on the federal government lists any required actions, which critics say reveals one of the key weaknesses of the strategy.
"The hammers in the government are few [regarding the private sector]. How can they compel businesses to adopt these things?" said Ron Sable, vice president of the public sector at Guardent Inc., a managed security company in Waltham, Mass. "On the commercial side, its a question of budget and whether theyve had a problem in the past and think theyre likely to have one in the future."