The White House is expected to unveil its long-awaited National Strategy to Secure Cyber Space this week, outlining security recommendations for Americans who use computers, from the home user to the enterprise user to those in the federal government. And because U.S. networks are directly linked to networks overseas, the Bush administration plans to engage other nations in the strategy.
The Presidents Critical Infrastructure Protection Board, which authored the strategy, is expected to recommend that the United States work closely with Canada and Mexico to create a North American safe cyber-zone, according to a draft of the report obtained last month by eWeek. Closer ties in the region could better ensure that vulnerabilities are identified quickly and could improve law enforcement collaboration.
The draft includes a recommendation that other countries designate single points of contact for cyber-security coordination. In the United States, Richard Clarke, special adviser to the president for cyberspace security and the CIPB chairman, holds the unofficial title of cyber-security czar, but in other countries, the responsibility is typically dispersed among several offices.
In France, for example, several national ministries collaborate in overseeing cyber-security initiatives, according to Michel Combot, telecommunications attache at the Embassy of France, in Washington. Similar models are in place elsewhere in Europe.
“It varies, and it is under evolution as well,” Jeannette Nielsen, science and technology attache at the Royal Danish Embassy, in Washington, said about the role of a cyber-czar in European Union member states. Although a single contact in each country for all cyberspace initiatives would likely be ineffective, it “would probably be useful in terms of handling IT security,” Nielsen said.
In the United States, legislation can be used if voluntary recommendations dont improve cyber-security, but promoting policy changes internationally requires other means. Already, the United States and Europe diverge in their approaches to some cyberspace initiatives, including privacy protection.
However, according to the draft document, the CIPBs global recommendations will largely reflect EU strategies already in place, including promoting the Council of Europes Convention on Cybercrime.
The proposed national strategy calls for global adoption of the COE Convention on Cybercrime, which the United States helped craft last year. According to the plan, the initiative could be used to bring cyber-security laws into harmony, making it easier to investigate cyber-attacks and prosecute crime.
An EU resolution adopted in January spelled out a cyber-strategy for the region, including the establishment of a cyber-security task force, which should be up and running by the middle of next year.
In addition, the EU is creating a European smart-card infrastructure, and by the end of next year, the EU Commission and member states will examine ways to establish a secure environment for exchanging classified government information.
The CIPB may also recommend the creation of an international alert network to identify vulnerabilities and prevent attacks, according to the draft of the strategy. The network would be developed by governments, nongovernmental organizations and the commercial sector to encourage information sharing.
“There are already extensive networks of collaboration,” Nielsen said. “The [EU] Cyber-Security Task Force would be a good platform for collaboration outward bound.”
- Few Tapped for Input on Bush Cyber-Strategy
- New Privacy Czar on Way
- Bush to U.S. Colleges: Send in the CIOs
- Bush to Call for Fed NOC
- Editorial: Security—The Feds Can Help