Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Security Plan Counts on Private Sectors Input

    By
    Dennis Fisher
    -
    February 4, 2003
    Share
    Facebook
    Twitter
    Linkedin

      The forthcoming final version of the National Strategy to Secure Cyberspace will call for a comprehensive cybersecurity response system that will depend heavily on contributions from the private sector. The system, as described in the most recent draft of the document, will rely on a broad information-sharing program both inside and outside the federal government, and calls for the establishment of a separate office within the Department of Homeland Security to manage the information flow between government and industry, according to copies of the draft document reviewed by eWEEK.

      To facilitate this process, the strategy also recommends that the private sector develop one centralized network operations center “that could operate 24×7 to assess Internet health [and] complement the Department [of Homeland Securitys] centralized capability and the overall National Cyberspace Security Response System.”

      The strategy contemplates Homeland Security creating a “single point of contact for the federal governments interaction with industry and other partners” regarding major security incidents, information sharing, analysis, warning and recovery efforts.

      All of this would be coordinated by a new “infrastructure protection program office” that would handle the two-way flow of data between the private sector and the government, according to the draft plan. The office would also be responsible for determining how to store information regarding critical infrastructure protection that is voluntarily submitted by non-government organizations.

      Although the strategy repeatedly emphasizes the need to handle such data carefully, it also recommends several measures that are sure to draw the attention of privacy advocates and civil-liberties organizations. Among the directives are a provision requiring the Department of Justice to work with the Census Bureau to develop “better data about the victims of cybercrime and intrusions.”

      While there is considerable space given to the need for reducing the number of vulnerabilities in software products and in critical protocols and systems such as BGP (border gateway protocol), the Domain Name System and IP, the strategy makes little mention of how to go about fixing these problems, a key shortcoming, security experts say.

      “As we move to wireless everywhere and universal Web-control of appliances, if the government doesnt act quickly, millions of unprotected systems will by made available to any attackers who choose to use them,” said Alan Paller, director of research at The SANS Institute in Bethesda, Md. “It is unlikely that more than one million are needed for a large-scale sustained DDoS attack that disables most Internet traffic.”

      Cyber-Security Plan Counts on Private Sectors Input – Page 2

      This most recent draft of the national strategy is considered to be very similar to the final document that President Bush approved and signed recently, according to sources familiar with the process. The strategy is due for release within the next couple of weeks, although no exact date has been announced.

      The final version of the plan differs greatly from the preliminary draft released for comment by the Presidents Critical Infrastructure Protection Board in September under the direction of out-going PCIPB director Richard Clarke.

      The original draft was divided into five sections covering home users and small businesses, large enterprises, critical sectors, national priorities and global issues. The final version is organized along five cyberspace security priorities: a national cyberspace security response system, a national cyberspace security threat and vulnerability reduction program, a national cyberspace security awareness and training program, securing governments cyberspace, and international cyberspace security cooperation. Where the original draft was heavy on recommendations and suggestions, the final version uses much stronger language, in many cases issuing directives to various government agencies.

      The new document also removes much of the language in the original draft that advocated using so-called market forces to pressure software vendors to make their products more secure. Instead, it recommends that “the software industry should consider promoting more secure out-of-the-box installation and implementations of their products, including increasing user awareness of the security features in products, ease-of-use for security functions and where feasible, promotion of industry guidelines and best practices that support such efforts.”

      Interestingly, the new version also includes a section discussing the need for the United States to be able to respond to cybersecurity events in kind.

      “When a nation, terrorist group or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution,” the strategy says. “The United States reserves the right to respond in an appropriate manner, including through cyber warfare. The United States will be prepared for such contingencies.”

      Officials of the PCIPB did not return calls seeking comment.

      • Search for more stories by Dennis Fisher
      • Read more stories on President Bushs Cyber-Security Plan
      • Read more security stories
      Dennis Fisher

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×