The White House has decided to delay the release of its long-awaited cyber-security plan in an effort to gain more input from industry executives and government officials.
Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board, has been planning for months to release the National Strategy to Secure Cyberspace Wednesday at a high-level event in Silicon Valley. But the board instead will release a draft of the strategy and will go back to private industry and public sector experts to seek more suggestions for the final plan, according to sources.
In a conference call late Tuesday, Clarke said that he decided to release the draft for public comment in an effort to garner support for its recommendations before the president signs it. “The reason is were not going to get the level of commitment and buy-in we need if we dont get comments,” Clarke said. “As important as the substance of the strategy is…the process is almost as important.”
Clarke also took issue with the notion that the board has been revising the draft and deleting recommendations in response to pressure from private industry lobbyists.
“Its a vast exaggeration that private industry lobbied for things to be taken out,” he said. “We have not been changing things up to now under pressure from anybody outside of government. Any changes [in the draft] will be informed by what everyone has to say about it.”
President Bush will appoint members to the National Infrastructure Assurance Council tomorrow, and they will have until Nov. 18 to submit input on the plan. After that input is considered and incorporated, Bush will release the plan himself.
The release of the draft still marks an important milestone in the plans development, as it will be the first time the strategy will be publicly available. Various people have seen small sections of the draft as it has evolved in recent months, but few have seen the entire document.
The plan was developed in part from suggestions provided by security experts, CEOs and others in several sectors of the economy, including banking and finance, insurance and health care.
As eWEEK first reported in a series of stories beginning last month, the draft strategy at one time included several controversial elements, including the establishment of a federal network operations center to gather and inspect data traffic from ISPs, a recommendation that businesses disclose their security efforts and the appointment of a national privacy czar to oversee the governments policies and compliance. Many of the proposals drew sharp criticism from security and privacy experts and industry executives.
The White House has since backed away from several of the proposals, including the privacy czar. The plan was also modified regarding a recommendation that ISPs give consumers personal firewall software when they sign up for broadband Internet service. The service providers complained that supporting millions of users unfamiliar with security technology would be an expensive logistical nightmare.
One of the recommendations in the draft that came directly from the private sector is a privately funded center through which all of the major ISPs and other organizations that have a view of the Internets health can share incident reports and data.
In addition to the release of the draft Wednesday, the FBI and the Secret Service will announce the establishment of several joint task forces across the country to investigate information security events. Also, the National Cyber Security Alliance will kick off an ad campaign aimed at boosting awareness about security issues, Clarke said.
And, each of the discrete sectors mentioned in the national strategy Wednesday will release its own industry-specific strategy.
Security experts say delaying the plans release is a good move in the long run, but the opportunity for public comment is something that should have come sooner.
“They went and solicited information and then compiled it and were going release it without any more input,” said Scott Blake, vice president of information security at BindView Corp., in Houston. “But at the same time they wanted people to be on board and support it. Not very many people were going to get on board and support something they havent read. This is a good thing, and it shouldve been the plan all along.”
The event at Stanford University in Palo Alto, Calif., will go ahead as planned Wednesday, though its unclear whether all of the high-ranking government officials and private-sector executives who were scheduled to attend will still make the trip for the release of a draft. (Editors note: This story has been edited since its original posting to include comments by Richard Clarke and newly released details of the draft strategy.)