In an effort to bolster the nation's cyber-security, the Bush administration has plans to create a centralized facility for collecting and examining security-related e-mail and data and will push private network operators to expand their own data gathering, according to an unreleased draft of the plan.
The proposed cyber-security Network Operations Center is included in a draft of The National Strategy to Secure Cyberspace, which was developed by the president's Critical Infrastructure Protection Board with input from the private sector and is due to be released Sept. 18.
The call for expanded data collection and analysis results from administration concerns that efforts to secure cyber-space are hampered by the lack of a single point of data collection to detect cyber-security incidents and issue rapid warnings, according to the draft strategy, obtained by eWEEK. Critics, however, worry that such a system would be expensive and difficult to manage, and would allow government agencies to expand their surveillance powers.
Other recommendations include restricting the use of wireless technologies by government agencies; requiring corporations to disclose their IT security practices; establishing a "test bed" for multivendor patches; creating a certification program for security personnel; and mandating certifications for all federal IT purchases.
Howard Schmidt, vice chairman of the PCIPB, said that the center would consolidate threat data from the country's collection end points, such as the FBI's National Infrastructure Protection Center, the Critical Infrastructure Assurance Office, the Department of Energy and commercial networks. Private companies would be encouraged to increase the amount of data collected and share it with the government.
"Major companies generally report this information internally," Schmidt told eWEEK. "We're looking for that to come back to a central location."
According to the draft strategy, the public/private initiative would involve the major ISPs, hardware and software vendors, IT security companies, and Computer Emergency Response Teams, in addition to law enforcement and other agencies.