September 26, 2002 — CSO — After nearly a year of work, the greatly anticipated draft National Strategy to Secure Cyberspace was released last week. It has been described as disappointing and toothless. This is far too kind. The draft National Strategy is a complete flop.
What could have been a serious, prescriptive force for national cybersecurity turned out to be a facile list of best practices. To wit: You should consider doing security audits; you should examine the security implications of emerging technologies; you should consider joining a public-private partnership. It reminds me of what my older brother said to me the night before I left for college, "Don't be stupid," advice that has the unique quality of being valid, obvious and useless all at the same time.
Worse still, the 60-page draft ends with a section called Summary of Recommendations*
*Note: The feasibility and cost effectiveness of these recommendations will vary across entities. Individual entities should take into account their particular and changing circumstances in choosing whether to apply them.
In other words, the report can't even bear to enforce its own patently obvious advice. You should consider eating your vegetables, unless you really don't want to. The whole thing was enough to make one observer who works for the government quip: "We need to figure out a way to identify the talented leaders and keep them away from Washington."
Pity Richard Clarke and Howard Schmidt, serious, well-meaning civil servants saddled with a constituency like technology vendors. The vendors, as you've heard by now, lobbied successfully to remove real prescription from the draft.
The administration acceded. The fact that vendors stampeded to the news wires with applause for the draft was not a good sign. It was a red flag. The draft National Strategy tries to placate everyone and therefore helps no one.
The hypocrisy is stunning, and neatly summed up by Robert Holleyman, president and CEO of the Business Software Alliance, in a press release that applauded the draft Strategy. "An ongoing concern of our industry has been to ensure that whatever technologies are deployed to protect content do not impede technological progress, increase the cost of software and computers to consumers, or erode the performance of computers."
The truth is, Holleyman is being unreasonable, and the vendors that agree with his position aren't serious about security. Because national cybersecurity will cost. It will impede the kind of progress the software industry wants. (The kind of progress, incidentally, that got us to our current state of reckless insecurity). It will erode performance.