Computerworld - SANTA CLARA, Calif. -- Five industry/government task forces have delivered to the Department of Homeland Security specific action plans to achieve the cybersecurity goals outlined in the Bush administration's National Strategy to Secure Cyber Space.
After two days of meetings behind closed doors at the inaugural DHS National Cyber Security Summit here, the task forces emerged yesterday with lists of specific programs and initiatives officials said they hope to put in motion by March. The five categories covered include cybersecurity awareness, early warning, corporate governance, technical standards and secure software development and maintenance.
"We've moved from strategy to implementation," said Amit Yoran, director of the National Cyber Security Division at the DHS.
He characterized the summit as the first step on a long journey and warned the IT community that the threat of cyberterrorism means the nation's cybersecurity practitioners will need to think differently about how technology can be used against the country -- and to help protect its critical infrastructure.
Howard Schmidt, chief security officer at eBay Inc., served as co-chairman of the cybersecurity awareness task force. He outlined a broad plan to raise awareness about the importance of cybersecurity, including the development of a cybersecurity excellence award program for state and local governments, greater emphasis on computer ethics in K-12 school curriculums and a public safety announcement effort that focuses on individual responsibility.
The goal is "to instill a sense of civic duty in the home user community," said Schmidt. He compared the effort to the 1950s-era Cold War campaign to install bomb shelters in homes and schools.
Guy Copeland, special assistant to the CEO of Computer Sciences Corp. and co-chairman of the early-warning task force, said his group wants to have a detailed planning document ready by Dec. 17, although many difficult issues must still be tackled. For example, his task force wrestled with questions about what type of information is needed for early warnings and who should get that information. In addition, task force members questioned the type of information that can be collected, how long it can be maintained and who should have access to it.
With the ability to send out early cyber-warnings still uncertain, Copeland said the task force plans to tap into lessons learned by the Defense Department's Joint Task Force for Computer Network Defense, which has extensive experience conducting early-warning operations.
The challenge of cybersecurity goes far beyond technology, according to Art Coviello, president and CEO of RSA Security Inc. and co-chairman of the corporate governance task force. According to Coviello,
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
