According to an unreleased draft plan prepared by the Bush administration, the president favors creating a centralized source for collecting and reviewing e-mail and data relating to cyber security. The new organization would collect threat data from the FBI's National Infrastructure Protection Center, the Critical Infrastructure Assurance Office, the Department of Energy and commercial networks, in addition to seeking private sector security data.
According to the draft strategy, the initiative would involve the major ISPs, hardware and software vendors, IT security companies, law enforcement agencies and computer emergency response teams.
The proposed plan, obtained by eWeek, is included in a draft of The National Strategy to Secure Cyberspace, which was developed by the president's Critical Infrastructure Protection Board. The plan is expected to be publicly released on Sept. 18.
According to eWeek, the plan calls for the private sector to increase its collection of threat data and share it with the government. The plan would have the FBI, Secret Service and Federal Trade Commission create a single system for corporations to report Internet fraud and extortion, illegal hacking, and unauthorized network intrusions. The administration wants the federal government to collect information from the private sector on cybercrime victims and network intrusions.
To alleviate fears of privacy litigation, the administration is proposing to create exemptions from Freedom of Information Act requirements and exemptions from anti-trust laws to reduce liabilities that might arise from private companies revealing information to federal, state and local law enforcement agencies.
The draft also recommends restricting the use of wireless technologies by federal agencies and requires private companies to disclose their IT security practices. The data would be used to build a "test bed" for security patches.
The Bush administration would also seek to mandate certification programs for government IT workers.