New strategy to expand focus

Executive Order establishing the Critical Infrastructure Protection Board

The national strategy that the White House plans to release Sept. 18 will be the first that includes strategic goals for every sector — ranging from home users to global issues — according to a summary released today. It also will detail 18 national priorities that include coordinating research and development and increasing information sharing.

The national strategy — titled the National Strategy to Secure Cyberspace — is a companion to the National Strategy for Homeland Security that was released in July by Tom Ridge, director of the Office of Homeland Security.

The document is split into five sections: home user and small business; large enterprises; sectors, including government, private industry and academia; national issues and efforts; and global issues.

Each section will lay out strategic goals for that set of users or issue and will highlight ongoing programs, recommendations and topics of discussion to further develop the strategic goals.

"The federal government will help facilitate the evolution of these discussions so they become recommendations," the summary states. "Recommendations will, in turn, become ongoing programs once they gain the necessary support and approval."

The 18 national priorities are all high-level issues that must be addressed for all sectors, but some are more complex than others. They include:

* Fostering the development of secure and robust mechanisms to enhance the Internet.

* Identifying the most critical digital control, supervisory control and data acquisition systems.

* Coordinating the information security research and development agenda.

* Increasing the voluntary sharing of information security data between the public and private sectors, as well as among private-sector entities.

* Improving the speed, coverage and effectiveness of vulnerability remediation through improving tools and practices, and eventually by reducing the vulnerabilities in information systems.

* Developing a national standard for certification of information security professions.

* Considering the creation of a cyberspace network operations center — that will be run by major Internet service providers, manufacturers and other private-sector groups — to identify Internet attacks.

The national strategy expands the federal focus of the Clinton administration's National Plan for Information Systems Protection, released in January 2000. The Critical Infrastructure Protection Board — and before that, the federal entities that make up the board — will continue to work with industry, academia and citizens to develop the strategy.

President Bush formed the Critical Infrastructure Protection Board in October 2001 to pick up the work on the National Strategy to Secure Cyberspace that had been under way since early 2000.