Bush to Call for Fed NOC

Presidential panel would create site for collecting and analyzing network traffic.

The Bush administration has plans to create a centralized facility for collecting and examining security-related e-mail and data traffic and will push private network operators to expand their data-gathering initiatives, according to an unreleased draft of the plan.

The proposed cyber-security Network Operations Center is included in a draft of the National Strategy to Secure Cyberspace, which was developed by the Presidents Critical Infrastructure Protection Board and is due for release Sept. 18.

The call for expanded data collection and analysis results from administration concerns that efforts to secure cyberspace are hampered by the lack of a single data-collection point to detect cyber-security incidents and issue warnings, according to a draft of the plan, which was obtained by eWeek.

Critics, however, worry that such a system would be expensive, difficult to manage and allow government agencies to expand their surveillance powers.

Other recommendations include requiring corporations to disclose their IT security practices, establishing a test bed for multivendor patches, creating a certification program for security personnel and mandating certifications for all federal IT purchases. (See chart for other proposals.)

According to the draft, the governments "forward-looking analysis" capabilities are considered sparse because of a shortage of information. The proposed center would improve capabilities for predicting cyber-security incidents as well as responding to hacker or terrorist threats.

Howard Schmidt, vice chairman of the CIPB, said the center would consolidate threat data from the countrys collection end points, such as the FBIs National Infrastructure Protection Center, the Critical Infrastructure Assurance Office, the Department of Energy and commercial networks.

Private companies would also be encouraged to increase the amount of data collected and share it with the government. "Major companies generally report this information internally," Schmidt told eWeek. "Were looking for that to come back to a central location."

According to the draft strategy, the public/private initiative would involve the major ISPs, hardware and software vendors, and IT security companies, in addition to law enforcement agencies.

Some said they believe the governments interdepartmental rivalries and information-sharing rules will hamstring any attempt at centralized collection and analysis. "There are such high barriers in government to being able to disseminate information and react to threats, I dont think it will have much impact," said William Harrod, director of investigative response at TruSecure Corp., in Herndon, Va., and a former FBI computer forensics specialist. "Theyll have different information coming in from different analysts, and theyll have to weed through it."