Today the White House releases its long-awaited "National Strategy To Secure Cyberspace." This high-level blueprint document (black/white or color), in-development for over a year by Richard Clarke's Cybersecurity team, is the latest US government plan to address the many issues associated with the Information Age.

The Strategy was released by the President's Critical Infrastucture Protection Board (PCIPB), an Oval Office entity that brings together various Agency and Department heads to discuss critical infrastructure protection. Within the PCIPB is the National Security Telecommunications Advisory Council (NSTAC), a Presidentially sponsored coffee klatch comprised of CEOs that provide industry-based analysis and recommendations on policy and technical issues related to information technologies. There is also the National Infrastructure Advisory Council (NIAC) consisting of 30 private-sector 'experts' on computer security, yet nobody knows who these people are. Thus, a good portion of this Presidential Board is comprised of CEO-level people and a shadowy group of un-named experts, picked for their Presidential loyalty, campaign contributions, or visibility in the marketplace. Factor in Richard Clarke's team ­many of whom, including Clarke, are not technologists but career politicans and thinktank analysts ­ and you've got the government's best effort at providing advice to the President on information security. (One well-known security expert I spoke with raised the question about creating a conflict of interest for people who sell to the government or stand to gain materially from policy decisions to act in advisory roles, something that occured during the Bush Administration's secret energy meetings.)


Although the Administration heralds this as the first "National Strategy" for cyberspace security, we need only reflect on the Clinton Administration's "National Plan for Information Systems Protection" from 2000, and the President's Commission on Critical Infrastructure Protection Reportfrom 1996 - like its predecessors - and despite the publicity push from the Administration - nearly all of what's in this Strategy isn't new, either in what it says or what it fails to say. In keeping with tradition, the Strategy "addresses" various security "issues" instead of directing the "resolution" of security "problems" tiptoeing around the problems instead of dealing with them head-on and demanding results.

Now that you know where the Strategy comes from, let's examine some

of its more noteworthy components.