[ISN] Cyber strategy: A starting point

From: InfoSec News (isnat_private)
Date: Thu Sep 19 2002 - 02:45:28 PDT

    By Diane Frank
    Sept. 18, 2002

    The National Strategy to Secure Cyberspace that the Bush
    administration released today is a draft -- a roadmap that will become
    more detailed as comments are returned and expertise evolves within
    government and the private sector, according to the document.

    Parts of the draft strategy, developed by the Critical Infrastructure
    Protection Board in cooperation with the private sector, are more
    detailed than others. Recommendations for the federal government
    sector include:

    * That the CIO Council and relevant agencies consider creating a
      "cyberspace academy" to link federal cybersecurity and computer
      forensics training programs.

    * That the Office of Management and Budget establish an Office of
      Information Security Support Services within the proposed Homeland
      Security Department to pool security resources from across
      government to support smaller and less-experienced agencies.

    * That the government examine the idea of certifying private-sector
      security providers, based on the certifications being performed by
      the national security community. This could lead to limiting
      contract awards for security services to certified companies.

    The Critical Infrastructure Protection Board executive branch
    Information Systems Security Committee, the Office of Federal
    Procurement Policy and the Federal Acquisition Regulation Council are
    also examining how to improve security in the systems and solutions
    that agencies procure from vendors. They are reviewing the National
    Infrastructure Assurance Program's security accreditation process --
    as well as its mandated implementation at the Defense Department -- to
    determine the possible impact of extending the DOD requirement to
    civilian agencies.

    "The federal government recognizes that past efforts such as this have
    failed, but believes that the heightened level of government and
    consumer concerns over significant flaws in information technology
    products warrants renewed efforts," the draft states.

    That review will be completed by the fourth quarter of fiscal 2003.
    The committee also plans to examine the viability of establishing
    uniform security practices for different categories of programs and
    services, falling into high, medium and low levels of risk.

    The draft also includes recommendations developed by and for industry
    and academia, including:

    * That Internet service providers should consider adopting a "code of
      conduct" governing their security practices and interactions.

    * That colleges and universities should enhance their security
      capabilities by considering the establishment of one or more
      information sharing and analysis centers, empowering their chief
      information officers, adopting best practices, and creating model
      awareness and training materials.

    The entire draft strategy is available online at
    www.securecyberspace.gov, and the board is asking for comment through
    that Web site by Nov. 18. The board also plans to hold eight more town
    hall-style meetings across the country to solicit comment and
    reaction. All of that information will be incorporated into the draft
    to create a complete strategy that will be approved by President Bush.