White House Finally Debuts Cybersecurity Plan
One of the key elements of the strategy is to establish a National Cyberspace Security Response System under the direction of the new Department of Homeland Security (DHS). According to the White House site, the DHS will establish uniform procedures for the "receipt, care and storage" by federal agencies of critical infrastructure information that is voluntarily submitted to the government.
In the early planning stages of the Bush plan, the private sector largely opposed information sharing about network threats because of fears that the information would eventually become public, concerns the White House says are addressed in the legislation that created the DHS.
"First, the legislation encourages industry to share information with DHS by ensuring that such voluntarily submitted data about threats and vulnerabilities in a manner that would damage the submitter," the strategy plan states. "Second, the legislation requires that the federal government share information and analysis with the private sector as appropriate and consistent with the need to protect classified and other sensitive national security information."
The plan also focuses on urging the private sector to improve IT training and to establish IT certification programs by creating like government initiatives as examples.
One of the first industry groups to publicly comment on the plan, the Computing Technology Industry Association (CompTIA), said in an official statement, "The National Strategy challenges our traditional focus on technology as the 'silver bullet,' and highlights more fundamental behavioral matters -- like IT training and certification -- that can make America's computer networks safer."
Tom Santaniello, CompTIA manager of U.S. public policy, said, "The recent 'Slammer Worm' attack reveals the importance of the human element in network security. The network weakness had been identified months earlier, and a patch was widely available to fix the problem. Unfortunately, few administrators chose to install it. In other words, though the technology was there, the human follow-up was not."