Home » Politics & Society » Technology & U.S. Politics » White House cyber-security plan cites big threats, offers little action

White House cyber-security plan cites big threats, offers little action

© Alan Kotok

Featured Course: Understanding American Combat Experiences in the Vietnam War

On 18 September, the President's Critical Infrastructure Protection Board released its draft National Strategy to Secure Cyberspace, a 65-page report with some 24 strategic goals and 80 recommendations. Coming one week after the first anniversary of the 11 September 2001 terrorist attacks, and amidst new arrests of terrorist suspects, the report offered a chance to rally the resources of the American private and public information technology (IT) industry to protect itself and users from cyber attacks. Instead, most of the report's recommendations offered guidelines for voluntary steps and little in the way of concrete requirements, timetables, or actions.

It's a risky world out there

The report cited a litany of serious threats facing the American IT infrastructure, which contrasts with the report's weak recommendations. The text describes how the country's manufacturing, utilities, financial, and communications enterprises have become increasingly dependent on IT for their most essential operations. Yet at the same time, security incidents occur daily, and are increasing in frequency, sophistication, and severity. The report notes that a common defense of cyberspace requires a response by both the public and private sectors, and everyone must act to secure their portion of real estate in cyberspace.

The threats outlined in the report are realistic, and include the potential for inside jobs as well as external attacks. The report also cites the need for organizations to identify and address vulnerabilities before they provide inviting targets for damaging attacks. In summing up response to these conditions, the report states, as a matter of national policy ...

"The United States will achieve and maintain the ability to protect our nation's critical infrastructures from natural events and intentional acts that would significantly diminish the abilities of:

"-- the Federal government to perform key homeland security and national security missions, and to ensure the general public health and safety;

"-- State and local governments to maintain order and to deliver essential public services; and,

"-- the private sector to ensure the orderly functioning of the economy and the delivery of essential infrastructure services."

A strange kind of partnership

How does the President's Critical Infrastructure Protection Board recommend implementing this policy? The Board recommends a partnership between the public and private sectors, which makes sense given, as the report notes, some 85 percent of the nation's critical infrastructure is owned by the private sector. But the Board's idea of partnership seems to rely almost entirely on the private sector to organize, fund, carry out the steps needed to protect its IT resources.

The copyright of the article White House cyber-security plan cites big threats, offers little action in Technology & U.S. Politics is owned by . Permission to republish White House cyber-security plan cites big threats, offers little action in print or online must be granted by the author in writing.