Forwarded from: William Knowles <wkat_private> http://www.washingtonpost.com/wp-dyn/articles/A6320-2003Jan31.html By Brian Krebs washingtonpost.com Staff Writer Friday, January 31, 2003; 1:03 PM President Bush has approved the White House's long-awaited national cybersecurity strategy, a landmark document intended to guide government and industry efforts to protect the nation's most critical information systems from cyberattack. In an e-mail sent Thursday to White House officials, cybersecurity adviser Richard Clarke said that the National Strategy to Secure Cyberspace has received Bush's signature and will be released to the public in the next few weeks. The strategy has been in development since shortly after the Sept. 11, 2001, terrorist attacks. Bush signed the cybersecurity strategy nearly a week after the "Sapphire" Internet worm slowed Web traffic and disrupted bank cash machine services, airline flights and other critical parts of the Internet infrastructure. The strategy is expected to recommend steps industry and government can take to improve the nation's computer security posture. The majority of the document likely will direct the government to lead by example and tighten the security of federal information systems. Clarke on Thursday also confirmed media reports that he will resign after 30 years of public service. His deputy, Howard Schmidt, has assumed his duties, Clarke said. The nation's first cybersecurity "czar" used his e-mail to colleagues to warn once again that communications systems are vulnerable to attacks from many fronts. "With slight modifications, the results of the worm would have been more significant. More sophisticated attacks against known vulnerabilities in cyberspace could be devastating," Clarke wrote. "As long as we have vulnerabilities in cyberspace and as long as America has enemies, we are at risk of the two coming together to severely damage our great country." Schmidt, formerly chief security officer for Microsoft Corp., brings to the job a deep understanding of the need for industry and government to work together on cybersecurity, said Alan Paller, research director for the SANS Institute, a non-profit security research and training group. "He has one particularly valuable characteristic that no other federal security leader has in that he has actually fought the bad guys both in defending the networks at Microsoft and within the government," Paller said. "As long as people above him don't tie his hands behind his back, he could bring some wonderful initiatives for improving federal and Internet security." Schmidt also was a career military officer who directed the Air Force Office of Special Investigations, Computer Forensics Lab and Computer Crime and Information Warfare division. It remains unclear how Schmidt's cybersecurity role at the White House will tie in with the infrastructure protection responsibilities of the new Department of Homeland Security. "The real question is who's going to have their hands on the wheel on cybersecurity," said James Lewis, director for technology and public policy at the Center for Strategic and International Studies. "It's not clear where the board is going to fit into this new structure and how much influence it will have over the new department." The White House has so far been unable to fill top leadership posts at the Homeland Security department's division charged with protecting the Internet and other communications systems from attacks. The administration's first choice to run the Information Analysis and Infrastructure Protection Division was former Defense Intelligence Agency Director James Clapper. Clapper, a retired Air Force lieutenant and the head of the National Imagery and Mapping Center, unexpectedly pulled his name from consideration. John Tritak, former director of the Critical Infrastructure Assurance Office and pegged as the administration's pick for deputy undersecretary for infrastructure protection at the Homeland Security Department, is still a name under consideration, though he recently left the government. Another noted name in online security, Ron Dick, director of the FBI's cyber threat and warning bureau, has also resigned from government service. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 01:26:09 PST