[ISN] Bush Approves Cybersecurity Strategy

From: InfoSec News (isnat_private)
Date: Sun Feb 02 2003 - 22:22:08 PST

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - January 31st 2003"

    Forwarded from: William Knowles <wkat_private>
    By Brian Krebs
    washingtonpost.com Staff Writer
    Friday, January 31, 2003; 1:03 PM 
    President Bush has approved the White House's long-awaited national
    cybersecurity strategy, a landmark document intended to guide
    government and industry efforts to protect the nation's most critical
    information systems from cyberattack.
    In an e-mail sent Thursday to White House officials, cybersecurity
    adviser Richard Clarke said that the National Strategy to Secure
    Cyberspace has received Bush's signature and will be released to the
    public in the next few weeks. The strategy has been in development
    since shortly after the Sept. 11, 2001, terrorist attacks.
    Bush signed the cybersecurity strategy nearly a week after the
    "Sapphire" Internet worm slowed Web traffic and disrupted bank cash
    machine services, airline flights and other critical parts of the
    Internet infrastructure.
    The strategy is expected to recommend steps industry and government
    can take to improve the nation's computer security posture. The
    majority of the document likely will direct the government to lead by
    example and tighten the security of federal information systems.
    Clarke on Thursday also confirmed media reports that he will resign
    after 30 years of public service. His deputy, Howard Schmidt, has
    assumed his duties, Clarke said.
    The nation's first cybersecurity "czar" used his e-mail to colleagues
    to warn once again that communications systems are vulnerable to
    attacks from many fronts.
    "With slight modifications, the results of the worm would have been
    more significant. More sophisticated attacks against known
    vulnerabilities in cyberspace could be devastating," Clarke wrote. "As
    long as we have vulnerabilities in cyberspace and as long as America
    has enemies, we are at risk of the two coming together to severely
    damage our great country."
    Schmidt, formerly chief security officer for Microsoft Corp., brings
    to the job a deep understanding of the need for industry and
    government to work together on cybersecurity, said Alan Paller,
    research director for the SANS Institute, a non-profit security
    research and training group.
    "He has one particularly valuable characteristic that no other federal
    security leader has in that he has actually fought the bad guys both
    in defending the networks at Microsoft and within the government,"  
    Paller said. "As long as people above him don't tie his hands behind
    his back, he could bring some wonderful initiatives for improving
    federal and Internet security."
    Schmidt also was a career military officer who directed the Air Force
    Office of Special Investigations, Computer Forensics Lab and Computer
    Crime and Information Warfare division.
    It remains unclear how Schmidt's cybersecurity role at the White House
    will tie in with the infrastructure protection responsibilities of the
    new Department of Homeland Security.
    "The real question is who's going to have their hands on the wheel on
    cybersecurity," said James Lewis, director for technology and public
    policy at the Center for Strategic and International Studies. "It's
    not clear where the board is going to fit into this new structure and
    how much influence it will have over the new department."
    The White House has so far been unable to fill top leadership posts at
    the Homeland Security department's division charged with protecting
    the Internet and other communications systems from attacks.
    The administration's first choice to run the Information Analysis and
    Infrastructure Protection Division was former Defense Intelligence
    Agency Director James Clapper.
    Clapper, a retired Air Force lieutenant and the head of the National
    Imagery and Mapping Center, unexpectedly pulled his name from
    John Tritak, former director of the Critical Infrastructure Assurance
    Office and pegged as the administration's pick for deputy
    undersecretary for infrastructure protection at the Homeland Security
    Department, is still a name under consideration, though he recently
    left the government.
    Another noted name in online security, Ron Dick, director of the FBI's
    cyber threat and warning bureau, has also resigned from government
    "Communications without intelligence is noise;  Intelligence 
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 01:26:09 PST