[ISN] Administration Pares Cyber-Security Plan

From: InfoSec News (isnat_private)
Date: Wed Sep 11 2002 - 01:59:54 PDT

  • Next message: InfoSec News: "Re: [ISN] Demand For Managed Security To Surge"

    http://www.washingtonpost.com/wp-dyn/articles/A59168-2002Sep9.html
    
    By Ariana Eunjung Cha
    Washington Post Staff Writer
    Tuesday, September 10, 2002; Page A04 
    
    As the White House moves to finalize a national plan to better secure
    cyberspace, high-tech firms and other companies are continuing a
    furious campaign to have some recommendations struck from the
    document.
    
    The administration no longer plans to recommend that Internet service
    providers such as America Online, MSN and EarthLink bundle firewall
    and other security technology with their software. Instead, it will
    ask ISPs to "make it easier" for home users to get access to such
    protections.
    
    It also does not plan to recommend that a privacy czar be appointed to
    oversee how companies make use of their customers' personal
    information, according to several people involved in drafting the
    document.
    
    A government official said the changes were made in hopes the plan
    would be adopted voluntarily by industry and not necessitate another
    layer of government regulation.
    
    Several companies have argued that if the government tells people what
    to buy and dictates how they should run their businesses, innovation
    will be squelched. But others said private industry was more concerned
    about the costs involved in carrying out the recommendations.  
    Businesses also worry about taking on new legal liability.
    
    "I've been really shocked at how companies have been acting in their
    own interest rather than in the national interest," said Allan Paller,
    director of the SANS Institute, a computer-security think tank and
    education center.
    
    Harris Miller, president of the Information Technology Association of
    America, which represents 500 companies, said the private sector is in
    no way trying to dilute the plan. It was the industry, in fact, that
    first suggested a plan be developed, he said.
    
    "The idea that industry is somehow a reluctant partner is inaccurate,"  
    Miller said.
    
    At about 150 pages, the National Strategy to Secure Cyberspace, which
    is scheduled to be released Sept. 18, remains a weighty document
    outlining about 80 new obligations for the government, companies,
    universities and even home computer users.
    
    The most extensive recommendations are for the government. The plan
    would restrict federal workers from using certain wireless
    technologies and mandate that agencies only purchase software that has
    been certified to be secure.
    
    One of the top priorities, according to one draft, is for the
    government and the private sector is to make sure computers that
    control major systems such as subways, nuclear reactors and dams are
    secure.
    
    Also under consideration are recommendations calling for the
    establishment of a center that would study computer viruses, worms and
    other security threats; an accreditation board that would certify
    security personnel; and a private-public program that would help pay
    for security enhancements for critical parts of the Internet,
    including the routers that direct traffic, as well as operating
    systems such as Windows, Linux and the Mac OS.
    
    Some drafts also outline plans for the collection and analysis of
    network data that pass through universities -- places often used as
    jumping-off points for cyber-attacks. The draft also includes a plan
    to educate home users on how to secure their computers.
    
    The national strategy is being compiled and analyzed by Richard A.  
    Clarke, director of the Office of Cyberspace Security, with input from
    a cross section of industry representatives, computer science experts
    and others.
    
    It is scheduled to be delivered to President Bush for his signature in
    the next week.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Sep 11 2002 - 04:38:22 PDT