Channel Weighs Impact Of Federal Cybersecurity Plan
"I don't expect this to change the world," said Ed Skoudis, vice president of ethical hacking, incident response and digital forensics at Predictive Systems, a New York consulting firm. "It will be a nice milepost, but not a changing of anybody's fundamental assumptions or security stances."
President Bush's plan, the National Strategy to Secure Cyberspace, is expected to include dozens of recommendations on ways that federal agencies, companies, universities and home users can improve Internet security. Top U.S. officials are expected to introduce the plan on Wednesday at Stanford University.
\
Bush security advisor Richard Clarke says plan is intended as a 'road map.'
"I think it will be very high level, and there will be a lot of talk about partnerships between the government and industry. That's all great until someone has to write a check," said Ken Ammon, president and CEO of Netsec, a Herndon, Va.-based solution provider.
It's difficult for the government to affect the commercial sector in the area of information security, Ammon said. "If the government focuses on practicing what it preaches, that would be a first step," he said.
The federal cybersecurity plan is a "monumental work" that will recommend practices and technologies that businesses, universities and others can adopt to improve their data security, said Michael Aisenberg, director of public policy at VeriSign, a Mountain View, Calif.-based digital security vendor that has worked with various government agencies.
"The approach of this report will say that the first line of responsibility for improving cybersecurity comes from those who own and operate those networks, not from the government," Aisenberg said.
Richard Clarke, the president's special adviser on cybersecurity, told attendees at the Black Hat security conference in July that the National Strategy to Secure Cyberspace was developed with input from experts in various industry sectors. Clarke is expected to attend the plan's launch.
The strategy is "meant to be a road map and change over time as the threats and technologies change," Clarke said.