US government released the report Friday. The president says this about that:
- My Fellow Americans:
The way business is transacted, government operates, and national defense is conducted have changed. These activities now rely on an interdependent network of information technology infrastructures called cyberspace. The National Strategy to Secure Cyberspace provides a framework for protecting this infrastructure that is essential to our economy, security, and way of life.
In the past few years, threats in cyberspace have risen dramatically. The policy of the United States is to protect against the debilitating disruption of the operation of information systems for critical infrastructures and, thereby, help to protect the people, economy, and national security of the United States. We must act to reduce our vulnerabilities to these threats before they can be exploited to damage the cyber systems supporting our Nation’s critical infrastructures and ensure that such disruptions of cyberspace are infrequent, of minimal duration, manageable, and cause the least damage possible.
Securing cyberspace is an extraordinarily difficult strategic challenge that requires a coordinated and focused effort from our entire society – the federal government, state and local governments, the private sector, and the American people. To engage Americans in securing cyberspace, a draft version of this strategy was released for public comment, and ten town hall meetings were held around the Nation to gather input on the development of a national strategy. Thousands of people and numerous organizations participated in these town hall meetings and responded with comments. I thank them all for their continuing participation.
The cornerstone of America’s cyberspace security strategy is and will remain a public-private partnership. The federal government invites the creation of, and participation in, public-private partnerships to implement this strategy. Only by acting together can we build a more secure future in cyberspace.
- the Bush administration sees its role largely as a cheerleader, encouraging businesses to keep their networks secure and supporting publicity campaigns to encourage greater individual use of antivirus software, firewalls and other security tools.
“In general, the private sector is best equipped and structured to respond to an evolving cyber threat,” the report says. “A federal role … is only justified when the benefits of intervention outweigh the associated costs.”
The White House released the plan with little fanfare, reflecting the fact that its primary architect, former cybersecurity advisor Richard Clarke, resigned his post abruptly two weeks ago.
Privacy advocates have worried the plan could lead to Big Brother-type surveillance online, while software makers and other businesses have feared increased liability and excessive regulation.
Security experts, meanwhile, say the state of online security will remain dismal as long as businesses do not make it a priority and have criticized preliminary versions of the plan as toothless.
….The report places many government responsibilities within the Department of Homeland Security. The new department is expected to lead a response when cyberattacks occur, set up programs to develop a more tech-savvy work force and encourage business sectors like banking and utilities to bolster security standards on their own.
The Commerce Department is directed to encourage the development of a next-generation Internet numbering standard known as IPv6, while the FBI, Defense Department and other intelligence agencies are encouraged to track down cyberattacks and possibly strike back.
“When a nation, terrorist group, or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution,” the report says. “The United States reserves the right to respond in an appropriate manner.”