Homeland Security's vague cyber plan

By Anne Broache
Staff Writer, CNET News.com

Published: November 7, 2005, 11:00 AM PST

TalkBack E-mail Print TrackBack

A preliminary report released by the Department of Homeland Security seems to scatter cybersecurity responsibilities across the government and the private sector while sticking to generalities about future plans.

In its 175-page draft of the National Infrastructure Protection Plan (PDF), the department outlines a broad framework for protecting the nation's "critical infrastructure" and "key assets"--bureaucratic argot referring to everything from the power grid to dams to computer systems.

President Bush first commissioned the plan in December 2003, and the Department of Homeland Security released an early version in February. According to a notice announcing the document's availability, the latest version aims to provide greater detail.

The term "cybersecurity" appears 148 times the draft, and a 16-page appendix devoted to the topic offers some suggestions for threat analysis, response readiness and training.

But the rest is worded in terms of generalities. The plan asserts that cybersecurity responsibilities should ultimately lie with the Department of Homeland Security but also calls on state and local governments to come up with information security measures and to be aware of vulnerabilities in their systems. The report charges academia and research institutions with devising "best practices" for IT security and the private sector with ensuring that it is "satisfying cyberprotection standards."

Previous Next

The document suggests that work should be done through a "sector partnership model"--that is, informal advisory bodies composed of private-sector and governmental representatives from the same subject area. It proposes several lists of general actions that various sectors should take (for example, "set sector-specific security goals") and allocates deadlines from the adoption of the plan to accomplish them (in that particular case, 90 days).

The recommendations are often vague. For example, the suggestion that the Department of Homeland Security should lead and develop a "national cybersecurity exercise" to simulate responses to an attack is listed as an "ongoing" project with no deadline. And under a category referring to the steps the government should take to deal with "privacy and constitutional freedoms," the department lists no suggested actions.

Department of Homeland Security representatives did not respond to interview requests. The agency plans to accept comments on the proposal through Dec. 5.

TalkBack E-mail Print TrackBack

Read more on this story's topics and companies

• Add to My News | Create an alert Federal government
• Add to My News | Create an alert Security
• Add to My News | Create an alert Security threats
• Add to My News | Create an alert Government

TalkBack

Did you know?

Select a tab below to set your default view.