Magazine article Security Management

A National Strategy for Securing Cyberspace. (Tech Talk)

Magazine article Security Management

A National Strategy for Securing Cyberspace. (Tech Talk)

Article excerpt

This month, the White House Office of Cyberspace Security will release the first draft of the national strategy for cybersecurity. The strategy, which has been in the works since last year, has been developed with the assistance of many information security professionals in the private sector, particularly those whose industries are part of the nation's critical infrastructure sectors, such as the chemical and energy sectors. The effort will be ongoing, however, even after the plan is formally issued; the policy is designed to be updated regularly as the threats to information security change and grow.

Tiffany Olson, the deputy chief of staff on the president's Critical Infrastructure Protection Board (CIPB), explains that the plan is divided into five levels: home users and small businesses; major enterprises; sectors of national information infrastructure (including local, state, and federal government); national level institutions and policies (including groups that oversee the mechanics of the Internet itself); and global. "In each section [of the strategy], we'll talk about some of the problems and issues surrounding that area, we'll talk about what's already in place, what's worked and what hasn't worked, and some of the new recommendations to improve that area," Olson says.

She says that the goal of the plan is to provide information and benchmarks, not to set up government control. "We are supportive of best-practices guidelines, which we will have in the national strategy, but in no way are we trying to regulate any of the sectors," she says. While she declined to name what particular benchmarks will be included in the strategy, she said that some are being taken from existing knowledge and some have been created for this initiative by industry professionals.

Scott Blake, vice president of information security at Internet security company BindView, worked with the Information Technology Association of America to get feedback for the plan from high-tech industries. He says that the plan will try to balance specific recommendations with broader issues. "It will be a mix of the two," he says. "It doesn't get to the level of specificity of something like the Center for Internet Security's benchmarks [which allow system administrators to measure the level of security of their operating systems], but it is more specific than saying 'We need to share information.' Rather, it will explain how to do it," he says.

Olson says that one of the most interesting ideas the board is working on is an assistance program to help small businesses beef up computer security, and she is meeting with the Small Business Administration to work out the details. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.