The Strategy was released by the President's Critical Infrastucture Protection Board (PCIPB), an Oval Office entity that brings together various Agency and Department heads to discuss critical infrastructure protection. Within the PCIPB is the National Security Telecommunications Advisory Council (NSTAC), a Presidentially sponsored coffee klatch comprised of CEOs that provide industry-based analysis and recommendations on policy and technical issues related to information technologies. There is also the National Infrastructure Advisory Council (NIAC) consisting of 30 private-sector 'experts' on computer security, yet nobody knows who these people are. Thus, a good portion of this Presidential Board is comprised of CEO-level people and a shadowy group of un-named experts, picked for their Presidential loyalty, campaign contributions, or visibility in the marketplace. Factor in Richard Clarke's team many of whom, including Clarke, are not technologists but career politicans and thinktank analysts and you've got the government's best effort at providing advice to the President on information security. (One well-known security expert I spoke with raised the question about creating a conflict of interest for people who sell to the government or stand to gain materially from policy decisions to act in advisory roles, something that occured during the Bush Administration's secret energy meetings.)
Although the Administration heralds this as the first "National Strategy" for cyberspace security, we need only reflect on the Clinton Administration's "National Plan for Information Systems Protection" from 2000, and the President's Commission on Critical Infrastructure Protection Reportfrom 1996 - like its predecessors - and despite the publicity push from the Administration - nearly all of what's in this Strategy isn't new, either in what it says or what it fails to say. In keeping with tradition, the Strategy "addresses" various security "issues" instead of directing the "resolution" of security "problems" tiptoeing around the problems instead of dealing with them head-on and demanding results.
Now that you know where the Strategy comes from, let's examine some
of its more noteworthy components.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.