Bush cybersecurity strategy to be a living document

Computerworld - Howard Schmidt, vice chairman of the president's Critical Infrastructure Protection Board, attended the fourth and final White House-sponsored "town hall meeting" on cybersecurity last night in Atlanta before the release in September of the next version of the National Strategy to Secure Cyberspace.
During his presentation to a packed auditorium of local security administrators, CIOs, educators and legal professionals, Schmidt described what he characterized as the unique aspects of the Bush plan. Unlike other government planning documents, including a previous version of the national cybersecurity strategy released in 2000 by the Clinton administration, the Bush plan "is intended to be an online version," said Schmidt.
"It's designed to be a plug-and-play type document," he said. "If we make mistakes, we can pull that piece out and replace it in Internet time."
In addition, the Bush strategy will be to reach beyond corporate and government users to include home users. Responding to questions from the audience, Schmidt said that home users will be able to tap into the flow of information about IT vulnerabilities. The document will also include specific sections by experts from various critical sectors of the economy, such as banking and finance, electric power, telecommunications and emergency services.
Tom Noonan, CEO of Internet Security Systems Inc. and a panel member at the meeting, said the session lasted well beyond the two hours originally scheduled. He noted a "genuine, albeit skeptical, interest in participating in a public/private partnership."
Noonan said legal issues surrounding the Freedom of Information Act and the threat of inadvertent disclosure of proprietary information remains a major obstacle to getting most companies to work with the government. "That's a structural issue we have to address," said Noonan. "The law has to be fundamentally rethought. And that doesn't happen in Washington overnight."
"This goes beyond a Department of Defense issue or an FBI issue," Schmidt said last night. "We've seen an ever-increasing number of attacks on our critical infrastructure." If the national strategy is to succeed, "it will take the coordinated efforts of [government, military and private-sector companies], as well as the state and local [agencies]," he said.
Schmidt reiterated what Richard Clarke, chairman of the Critical Infrastructure Protection Board, has said repeatedly: The administration does not plan to impose more regulations on companies to improve Internet security. "We believe the market will drive itself," said Schmidt.
Mary Guzman, senior vice president and regional e-business practice manager at Marsh Inc., a New York-based insurance firm, attended the meeting and pointed to drawbacks with the administration's approach to