Protection plan awaits White House revisions

The Bush administration has been working for months to refine the strategy for protecting the government's critical infrastructure, moving to update President Clinton's 1998 outline in Presidential Decision Directive 63 to reflect current problems and solutions.

White House officials plan to soon issue a new executive order outlining a board comprising officials across government, said Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism at the National Security Council. But already, several policies are under development at the NSC in the PDD 63 arena that could affect security practices across government. Those policies could include physically removing the most critical federal systems from public access on the Internet to provide the best possible protection, he said.

Obtaining and retaining trained and experienced professionals for critical infrastructure protection is a challenge for agencies. They can rely on industry for some of that expertise, "but there must be a core...that are capable, literate in [information technology] security and able to manage the outsourcing," Clarke said.

Attempts to remedy that problem started this fall when the first set of students entered the Scholarship for Service program, an initiative set up under Clinton's National Plan for Information Systems Protection. In the program, students in the information security field receive full scholarships in return for at least two years of service in the federal government.

The NSC is also considering requiring a basic level of security in all IT products bought by the government, Clarke said. In the 1980s, the Defense Department developed the Trusted Computer System Evaluation Criteria, better known as the Orange Book, to set procurement standards. Not many organizations followed the standards because few products went through the evaluation, but that does not mean procurement standards are a bad idea, Clarke said.

"We need to look again, not give up on the notion of the federal government leading the market just because it didn't work in the past," Clarke said.