Skip to main content /TECH with /TECH


Bush team rewriting national IT protection plan


By Patrick Thibodeau

(IDG) -- Bush administration officials Tuesday said they've started rewriting the federal government's plan for protecting critical technology infrastructures in the U.S., claiming that the existing plan is flawed and offers little help to companies seeking to strengthen their IT security defenses.

The administration hopes to strengthen the infrastructure protection plan by relying heavily on input from the private sector, according to the officials. The White House added that it wants to avoid new security-related regulations, but warned that Congress could take regulatory action if U.S. companies fail to protect themselves.

"The preferred approach is to promote market [actions] rather than regulatory solutions," said Kenneth I. Juster, undersecretary for export administration at the U.S. Department of Commerce. INFOCENTER
Related Stories
Visit an IDG site search

The Clinton administration released a national plan for protecting critical IT infrastructure two years ago. A key part of the plan was a call for private sector cooperation through a series of industry-specific Information Sharing and Analysis Centers (ISACs), which companies can use to share incident reports and information about security trends. ISACs have been set up thus far in the banking, electricity, telecommunications and technology industries.

But Juster contended at a U.S. Chamber of Commerce forum here today that the Clinton plan was written mainly by bureaucrats and "could not be translated into business terms that corporate boards and senior management could understand, such as shareholder value, operational survivability, customer relations and public confidence in the company."

"Only when infrastructure concerns are translated into tangible business concerns will [companies] respond effectively," Juster said. Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism, added that the Clinton plan "lacked the reservoir of knowledge" that private sector executives could provide.

Juster, Clarke and other Bush administration officials said they've already begun talking to companies in industries such as financial services, oil and gas, electricity and transportation and to technology vendors to seek help in preparing a new national plan. Their goal is to complete the new plan by the end of this year, they added.

Some attendees at the conference said they welcomed the new approach, but there were some caveats. "The biggest challenge is that things change so fast," said William Mair, president of Information Assurance Associates, a consultancy in St. Charles, Ill. "What is an effective solution one month is less reliable six months later."

Sharon Lee Thompson, director of IT auditing at the AARP in Washington, said she agrees with administration's goal of getting more corporate users involved in formulating a technology protection plan. But, she added, the new plan's value will depend on how it's put together and whether it has possible use "as a model for my organization."

• U.S. Department of Commerce

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top