[ISN] White House rewriting core security policy document

From: InfoSec News (isn@private)
Date: Sun Nov 09 2003 - 22:31:02 PST

  • Next message: InfoSec News: "[ISN] Cyber terrorism not real: Gartner"

    http://www.computerworld.com/securitytopics/security/story/0,10801,86956,00.html
    
    Story by Dan Verton 
    NOVEMBER 07, 2003 
    COMPUTERWORLD
    
    WASHINGTON -- The Bush administration is rewriting the document that
    signaled the beginning of the federal government's efforts to deal
    with critical-infrastructure protection and cybersecurity to take into
    account post-Sept. 11 homeland security requirements.
    
    Signed by President Bill Clinton on May 22, 1998, Presidential
    Decision Directive-63 (PDD-63) made it the policy of the U.S.  
    government to lead a public/private partnership aimed at eliminating
    all major vulnerabilities to the nation's critical physical and cyber
    infrastructures. In addition to setting a 2003 deadline for the
    establishment of a defense against intentional cyberattacks aimed at
    critical infrastructure, PDD-63 also created the FBI's National
    Infrastructure Protection Center (NIPC) -- now part of the Department
    of Homeland Security -- and encouraged private-sector participation
    through information sharing and analysis centers (ISAC).
    
    Now the Bush administration is poised to release a version of that
    document that will be recast under the title Homeland Security
    Presidential Directive (HSPD).
    
    "The idea was to reflect the changes in the bureaucracy at the
    Department of Homeland Security [and to give] more importance to the
    ISACs," said Roger Cressey, former chief of staff at the President's
    Critical Infrastructure Protection Board. The document has already
    been reviewed by a committee of deputy agency secretaries, he said.
    
    It focuses on terrorist threats to the nation's vital economic
    infrastructures as a way to weaken the U.S. economy and damage public
    confidence. It also recognizes the DHS as the main agency at the
    federal level for critical-infrastructure protection and the need to
    coordinate security efforts with the private entities that own and
    operate more than 85% of the nation's critical infrastructures.
    
    The original document assigned private-sector liaison duties to eight
    federal agencies. The new one adds to that list the Department of
    Agriculture, the Nuclear Regulatory Commission and a yet-to-be
    determined position at the Transportation Security Administration to
    cover the transportation of hazardous materials.
    
    The rewrite also emphasizes identifying, cataloging and prioritizing
    the nation's critical systems with respect to how vital they are to
    the nation's economy and national security, as well as how vulnerable
    they are to terrorist attack.
    
    The revamped document also calls for the development by next March of
    a system to aid information sharing between federal, state and local
    government agencies and the private sector. The White House has also
    directed the DHS to establish a national indications and warning
    architecture to detect incidents that could point to a larger,
    coordinated attack against critical infrastructures.
    
    In a Nov. 6 letter to Paul Kurtz, special assistant to the president
    and senior director for critical-infrastructure protection at the
    White House, Harris Miller, president of the Arlington, Va.-based
    Information Technology Association of America, underscored the need
    for the new directive to "provide for an explicit role for the federal
    government as a supporter of industry's 'first responder' status."
    
    Miller also stressed the need for specific information-sharing
    controls so private-sector data is protected from inadvertent
    disclosure. And he called on the government to help provide security
    clearances for private-sector officials if government information on
    threats must remain classified.
    
    The draft of the new policy document has been circulating throughout
    the halls of government for more than six months. It wasn't clear
    whether the concerns of the ITAA and other industry groups will lead
    to major changes before the final document is released.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Nov 10 2003 - 03:41:59 PST