White House "playing dirty" in IT Security Fight

[R. A. Hettinga]

http://www.washingtonpost.com/ac2/wp-dyn/A27682-2002Jun10?language=printer


washingtonpost.com

White House Stressing Unorthodox in IT Security Fight

Brian Krebs
washingtonpost.com Staff Writer
Monday, June 10, 2002; 6:50 PM


The Bush administration is playing "dirty" with the private sector in a
roundabout attempt to fortify the nation's computer security defenses, the
White House's cybersecurity czar said today.

Richard Clarke, the president's special adviser for cyberspace security,
said unorthodox approaches may be needed to get the attention of companies
that own and operate the infrastructure of the Internet yet do not respond
to the administration's self-regulatory, hands-off approach to
cybersecurity.

The administration has been talking to insurance firms about the idea of
writing cybersecurity insurance for companies, Clarke said, offering an
example of one carrot-and-stick approach.

The catch, however, is that the coverage would only be available to
companies that meet certain criteria developed by the insurance industry
and the private sector.

"Some of what we do may be a little dirty, but we're doing it," Clarke said
at the Networked Economy Summit in Reston, Va.

Clarke's office also has been quietly talking about the possibility of
fostering a private sector certification program for information technology
security companies.

"How do you know - when you hire an IT security company to do a
vulnerability assessment - that they know what they're doing?" Clarke
asked. "Maybe there should be an outside process to certify those vendors."

The proposals come as the Bush administration is preparing its "national
strategy" for protecting the nation's most vital computer networks from
cyberattack.

Clarke and his advisers have been conducting town meetings across the
country meetings to raise awareness about the issue, and last week his
group met with three dozen university officials to discuss their role in
protecting the nation's critical infrastructures and to gather input on the
administration's plan.

The White House had earlier said it would release its national plan by
mid-summer. But Clarke said today the release date would be pushed back to
the end of the summer or mid-September.

Administration officials are currently focused on realigning responsibility
for cybersecurity within the new proposed Homeland Security Department.

Clarke said the administration hopes the new cabinet-level agency will be
the future home of several federal cybersecurity programs, including the
FBI's National Infrastructure Protection Center, the Commerce Department's
Critical Infrastructure Assurance Office, the Government Services
Administration's FedCIRC, and the Defense Department's National
Communications System.

© 2002 TechNews.com



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com