Home, Contact Us, Site Map

home: portfolio:

Bush Administration Rewriting Cyber Security Plan

COMPUTERWORLD  May 15, 2001
By Patrick Thibodeau

WASHINGTON  Bush administration officials today said they've started rewriting the federal government's plan for protecting critical technology infrastructures in the U.S., claiming that the existing plan is flawed and offers little help to companies seeking to strengthen their IT security defenses.

The administration hopes to strengthen the infrastructure protection plan by relying heavily on input from the private sector, according to the officials. The White House added that it wants to avoid new security-related regulations, but warned that Congress could take regulatory action if U.S. companies fail to protect themselves.

"The preferred approach is to promote market [actions] rather than regulatory solutions," said Kenneth I. Juster, undersecretary for export administration at the U.S. Department of Commerce.

The Clinton administration released a national plan for protecting critical IT infrastructure two years ago. A key part of the plan was a call for private sector cooperation through a series of industry-specific Information Sharing and Analysis Centers (ISACs), which companies can use to share incident reports and information about security trends. ISACs have been set up thus far in the banking, electricity, telecommunications and technology industries.

But Juster contended at a forum sponsored by The Institute of Internal Auditors at the U.S. Chamber of Commerce today that the Clinton plan was written mainly by bureaucrats and "could not be translated into business terms that corporate boards and senior management could understand, such as shareholder value, operational survivability, customer relations and public confidence in the company."

"Only when infrastructure concerns are translated into tangible business concerns will [companies] respond effectively," Juster said. Richard Clarke, national coordinator for security, infrastructure protection and counter terrorism, added that the Clinton plan "lacked the reservoir of knowledge" that private sector executives could provide.

Juster, Clarke and other Bush administration officials said they've already begun talking to companies in industries such as financial services, oil and gas, electricity and transportation and to technology vendors to seek help in preparing a new national plan. Their goal is to complete the new plan by the end of this year, they added.

Some attendees at the conference said they welcomed the new approach, but there were some caveats. "The biggest challenge is that things change so fast," said William Mair, president of Information Assurance Associates, a consultancy in St. Charles, Ill. "What is an effective solution one month is less reliable six months later."

Sharon Lee Thompson, director of IT auditing at the AARP in Washington, said she agrees with administration's goal of getting more corporate users involved in formulating a technology protection plan. But, she added, the new plan's value will depend on how it's put together and whether it has possible use "as a model for my organization."


   2008 Fred H. Hutchison. All Rights Reserved.

Edited on: May 19, 2006