Toward Optimal Cyberspace Security

Solid middle ground has to be found, and soon.

On the eve of the planned unveiling of the national Strategy to Secure Cyberspace, the chairman of the President's Critical Infrastructure Protection Board, Richard Clarke, announced the "working draft" would be open to comment for 60 days, rather than being delivered in read-only form. "The process is almost as important" as the document, said Clarke. We think the process might be more important. Since he's asking for comment, here's our take.

The released draft waters down many provisions of a preliminary draft, a copy of which was obtained by eWeek reporters. On the whole, while the preliminary draft may have been too draconian, the draft as published was too weak. Some solid middle ground has to be found—and soon.

Thanks to the backlash to the pre-release draft, there were a number of changes, including the softening of calls for a federal NOC to monitor and collect security data, suggestions for security audits at private companies, and a move to prohibit most wireless LANs in federal agencies. Clearly, Clarke wants to spark discussion, rather than provoke reaction.

Other areas of the plan are getting less attention, but they bear consideration and revision, too. One proposal of questionable merit would require colleges and universities to become federal cyber-reporting agencies or risk losing federal funding. Also dubious are suggestions to gut the Freedom of Information Act and to throw unmitigated support behind the Council of Europe's Convention on Cybercrime.

Clarke and his team must listen to the feedback but must have the courage to dismiss such unworkable efforts as the forced collection of public and private data, the creation of new privacy bureaucracies, and the layering of new reporting responsibilities on already strapped enterprise security personnel.

Enacting these measures might let the administration say, "See, we did something," but if they can't be put into practice effectively, they will create the illusion, not the reality, of security.

It's a form of progress, however, that Clarke admits the work is far from done and that he is, in effect, going back to the drawing board. We encourage all parties to lend their energy over the next two months to forging a better plan.