Skip to main content /TECH with IDG.net
CNN.com /TECH
CNN TV
EDITIONS


Computerworld

Bush team rewriting national IT protection plan

image


By Patrick Thibodeau

(IDG) -- Bush administration officials Tuesday said they've started rewriting the federal government's plan for protecting critical technology infrastructures in the U.S., claiming that the existing plan is flawed and offers little help to companies seeking to strengthen their IT security defenses.

The administration hopes to strengthen the infrastructure protection plan by relying heavily on input from the private sector, according to the officials. The White House added that it wants to avoid new security-related regulations, but warned that Congress could take regulatory action if U.S. companies fail to protect themselves.

"The preferred approach is to promote market [actions] rather than regulatory solutions," said Kenneth I. Juster, undersecretary for export administration at the U.S. Department of Commerce.

IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



The Clinton administration released a national plan for protecting critical IT infrastructure two years ago. A key part of the plan was a call for private sector cooperation through a series of industry-specific Information Sharing and Analysis Centers (ISACs), which companies can use to share incident reports and information about security trends. ISACs have been set up thus far in the banking, electricity, telecommunications and technology industries.

But Juster contended at a U.S. Chamber of Commerce forum here today that the Clinton plan was written mainly by bureaucrats and "could not be translated into business terms that corporate boards and senior management could understand, such as shareholder value, operational survivability, customer relations and public confidence in the company."

"Only when infrastructure concerns are translated into tangible business concerns will [companies] respond effectively," Juster said. Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism, added that the Clinton plan "lacked the reservoir of knowledge" that private sector executives could provide.

Juster, Clarke and other Bush administration officials said they've already begun talking to companies in industries such as financial services, oil and gas, electricity and transportation and to technology vendors to seek help in preparing a new national plan. Their goal is to complete the new plan by the end of this year, they added.

Some attendees at the conference said they welcomed the new approach, but there were some caveats. "The biggest challenge is that things change so fast," said William Mair, president of Information Assurance Associates, a consultancy in St. Charles, Ill. "What is an effective solution one month is less reliable six months later."

Sharon Lee Thompson, director of IT auditing at the AARP in Washington, said she agrees with administration's goal of getting more corporate users involved in formulating a technology protection plan. But, she added, the new plan's value will depend on how it's put together and whether it has possible use "as a model for my organization."







RELATED STORIES:
RELATED IDG.net STORIES:
RELATED SITES:
• U.S. Department of Commerce

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


 Search   

Back to the top