Modernizing Authentication — What It Takes to Transform Secure Access
The White House is leaking again. As has been its habit since announcing early last year it was drafting a National Strategy to Secure Cyberspace, the Bush Administration is again floating its proposals though the media before actually making a public announcement.
In its latest trial balloon, the Associated Press is reporting an internal draft of the plan, due to be released later this month, calls for watering the down the proposals to secure the nation's computer networks even further by reducing the initiatives by nearly half and eliminates an earlier version that called for the White House to regularly consult with privacy experts from the private sector.
According to the AP, the new draft calls for the new Homeland Security Department to develop plans for securing the country's networks. It also warns that the Administration reserves the right to engage in cyber warfare.
Whether the White House's final version of the plan actually includes those proposals is an open question. In the past, the Administration has repeatedly backed away from the proposals it originally leaked to the media.
Just last month, the White House scrambled to alleviate privacy violation fears raised by its proposal to build a monitoring system as an "early warning center" to track Internet use in the U.S. In that draft proposal, the Bush Administration would have required Internet service providers (ISPs) to build the system and to track their users.
Few details were released by the White House. The proposal immediately raised concerns from privacy advocates who said the idea may cross a line regarding current corporate and personal privacy laws.
In response to the privacy violation concerns, a Department of Homeland Security official said the administration does not plan to monitor what individuals do on the Internet, and Richard Clarke, the Bush administration's cybersecurity advisor, stressed that, "this early warning system would, if companies chose to create it, involve only highly aggregated information on the overall health of the Internet."
Even earlier versions of the plan called for a "privacy czar" and would have mandated corporations share their network security breaches with the government. In each case, the Bush Administration backed down after spelling out its proposals in various media outlets.
Finally, in September, after nearly a year of testing the waters, the White House released its first draft of its long awaited National Strategy for Securing Cyber Security. Written by a White House panel headed by Clarke, this early version of the plan proposed that businesses and private citizens, not the government, become protectors of the Internet.
"The worst case has not happened," Clarke said before a gathering of business leaders and press at Stanford University. "We're not creating regulation, not creating mandates. We want to do this through market forces."
The "recommendations, strategic goals, programs, discussion items and guidance" are aimed at five levels: the home user and small business; large enterprise; sectors of the economy; national issues and; global issues.
The 65-page plan incorporated more than 60 separate things that people can do to better protect themselves against online attack, such as changing passwords periodically and using firewalls and virus security software.