By the time you read this, officials may have ratcheted down the orange terror alert a notch, but no matter: The threats against our critical computing infrastructure are as great as ever. Unless you read eWeek or closely monitor news from the Department of Homeland Security, you may not be aware that the National Strategy to Secure Cyberspace is now complete, announced unceremoniously by Secretary Tom Ridge Feb. 14.
The strategy, prepared by the Presidents Critical Infrastructure Protection Board, probably could not have prevented Slammer, although prevention is one of three objectives, along with reducing vulnerabilities and minimizing damage and recovery time from attacks. Unfortunately, such an outline at present is about as helpful as duct taping servers and wrapping them in plastic sheeting.
There has been no clear connection made between cyber-security and terrorist activities, but the PCIPB is part of the Department of Homeland Security, and alleged terrorists do possess more than a working knowledge of computer systems and how to bring them down, or they can hire people who can.
Now, after a period of some public comment and a few revisions, the final version of the National Strategy to Secure Cyberspace is almost dead on arrival, victimized by a lack of clear mandates and incentives and lacking any real stated cooperation on the part of the public and private sectors and the public at large, reports Dennis Fisher.
The impact of the National Strategy to Secure Cyberspace may be as minimal as any of the countless policy statements that come from Washington, or, if we have another Slammer that puts out a few ATMs inside the Beltway, we may end up with every piece of e-mail we send routed through an FBI operations center. Its hard to tell. We wont have any real strategy to secure cyberspace until government, business and civic leaders drop the posing and get to work.
Are we safe yet? Write to me at firstname.lastname@example.org.