Computerworld - The hard lessons of Sept. 11 are never far away, and now they have been sprinkled throughout the Bush administration's draft strategy to defend cyberspace.
Released yesterday (see story), the National Strategy to Secure Cyberspace takes key lessons learned from the destruction of critical digital infrastructure in New York last year -- as well as the results of various government-sponsored exercises focused on critical-infrastructure interdependencies -- and wraps them into several recommendations that integrate physical and network security requirements.
"Owners and operators of information system networks and network data centers should consider developing remediation and contingency plans to reduce the consequences of large-scale physical damage to facilities supporting such networks," the report recommends. The terrorist attacks underscored for many officials the need to consider physical security as another arm of cybersecurity, with one senior administration official calling the damage inflicted on the communications networks owned and operated by Verizon Communications in Manhattan "the most significant challenge that the National Communications System had ever seen."
The recommendation is also important given the fact that months after the attacks, a survey of 459 CIOs by Ernst & Young International found that just 53% of companies had business continuity plans, and less than half had IT security awareness and training programs for employees.
On the cyberterrorism and information warfare front, the strategy urges federal law enforcement agents to work with national security and intelligence agencies to "develop a system to detect a national cyberattack (cyberwar) and a plan for immediate response." Although such a recommendation represents a daunting challenge, it is very timely given current tensions with Iraq and the possibility of war, experts said.
"Every U.S. military initiative over the past several years has been matched by a surge in aggressive cyberactivity," said Steven Aftergood, a defense and intelligence analyst at the Federation of American Scientists in Washington. "It would be surprising if the same pattern did not recur in the event of a U.S. strike against Iraq."
One target of sophisticated terrorist groups or state-sponsored cyberwarriors could be the real-time control systems, known as Supervisory Control and Data Acquisition (SCADA) systems, that manage everything from the flow of electricity to natural gas and oil pipelines. The draft national strategy labels the security of SCADA systems a "high priority" for both the government and private sector, and calls for the development of secure authentication capabilities within two years.
David Kepler, corporate vice president and CIO of The Dow Chemical Co., acknowledged the importance of security for real-time process control systems. "The synergy
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
