A Split Reaction To Bush's Cybersecurity Strategy - InformationWeek
02:00 PM

A Split Reaction To Bush's Cybersecurity Strategy

The draft document reads like a request for individual responsibility. That's just fine for some and too weak for others.

The Bush administration's draft recommendations, "A National Strategy To Secure Cyberspace," have been met with mixed reviews from the information-security industry. As reported last week by InformationWeek, instead of mandates and government regulation, the draft reads more like a request that companies, agencies, and individuals take responsibility for their systems and work with the government when necessary to ensure that critical systems remain unbreached and running.

That's fine with chief security officers. "I was afraid we were going to be told we'd have to report breaches and attacks against our systems to the federal government. That's something we're not inclined to want to do," says one CSO, who asked not to be identified.

While sources familiar with the recommendations say there was nothing in earlier versions that would have called for businesses to report cyberattacks and breaches to the government, the draft released this week does call for ways federal agencies "should identify and remove barriers to public-private information sharing and promote the timely two-way exchange of data to promote increased cyberspace security."

"The government cannot dictate. The government cannot mandate. The government cannot alone secure cyberspace," said Richard Clarke, special adviser for cyberspace security, at the unveiling of the strategy at Stanford University.

While execs seemed relieved with the lack of mandates, some experts criticized the plan, saying the government needs to establish both incentives for companies that invest in security and punishment for those that don't. "Mandatory reporting by the government to some central authority with meaningful sanctions" is needed, says Mark Rasch, former Department of Justice computer-crime prosecutor. Rasch, now an attorney specializing in the legal aspects of information security, cited tax incentives as one incentive.

John Pescatore, a security analyst with Gartner, says the plan offers useful guidance on strategy and best practices but too few details on tactics. Pescatore would like to see reports about steps businesses have taken to secure their systems, much the way they had to report Y2K remediation efforts. "Only then will you bring accountability to the board," he says.

Not surprisingly, security and software vendors mostly applaud the draft. Scott Charney, chief security strategist at Microsoft, says he's all for the government giving the public a two-month window to comment on the strategy before any plan is finalized. Charney says he hopes the government will take recommendations from the private sector seriously as the strategy solidifies.

Gene Hodges, president of Network Associates, says Clarke "is walking a fine line between patting people on the back and kicking them in the behind."

The draft recommendations can be seen at www.whitehouse.gov/pcipb.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll