Bush Administration Releases Draft Cybersecurity Plan


The Bush Administration unveiled a much-anticipated draft plan for securing cyberspace during an event Wednesday at Stanford University, where a host of public and private sector officials spoke on the subject.

The National Strategy to Secure Cyberspace, created by the president's Critical Infrastructure Protection Board, included roughly 80 recommendations in the plan on how home users, small businesses, large enterprises, universities and the federal government can secure the Internet.

The board had been planning to release its final recommendations at the event, but instead decided to release a draft version in order to get more public comment, officials said.

The document will be available at www.securecyberspace.gov for comment until Nov. 18, after which the board will forward a final plan to President Bush for approval.

"We are providing a draft for comment so everyone in the country can see it and tell us what they think the national strategy should be," said Richard Clarke, board chairman and President Bush's special adviser on cyberspace security.

He said the "unprecedented" plan, which supplements the Homeland Security Strategy and National Security Strategy, is intended as a road map for helping Americans secure the Internet.

Howard Schmidt, board vice chairman, said the strategy is not about government regulation to secure cyberspace. Securing the Internet requires participation from the private sector, and the strategy emphasizes a public-private partnership, he said.

Speakers at Wednesday's event included FBI Director Robert Mueller, Federal Trade Commissioner Orson Swindle and executives representing the energy, banking and transportation industries.

Some of the recommendations in the draft plan include:

  • Development of a clearinghouse for promoting more effective software patch implementation;

  • A request that the software industry consider more secure out-of-the-box installation and implementation of its products;

  • A removal of impediments to information sharing about cyberspace vulnerabilities between the public and private sectors; and

  • Making federal agencies aware of risks associated with wireless technologies and take precautions.

    Security vendors, including Internet Security Systems and Symantec, weighed in Wednesday with their support for the cybersecurity plan.

    Solution providers also voiced support for the plan. Doug Goodall, president and CEO of RedSiren and vice chairman of the Internet Security Alliance, said the strategy is a dramatic step is raising awareness of cybersecurity.

    "By doing the study and coming up with strategy, what they've done first is clearly increased awareness that cybersecurity is becoming as real of a business issue and risk management issue as physical security," he said.

    "Once we have general awareness of those issues, we can move to understanding and being knowledgeable about them and then move to action to deal with them," he said.