The White House had planned to release its blueprint for securing cyberspace tomorrow, to great fanfare. Recall that September 18, 2001 was to cyber-security what September 11 was to homeland security: a wakeup call voiced by the Nimda virus/worm. Richard Clarke, President Bush's special advisor for cyberspace security, and his panel have been working hard on a set of recommendations for government and industry.
Depending on their filing deadlines and the date of the draft that they got their hands on, some news outlets missed the fact, reported most sharply by the Washington Post and the AP, that tomorrow's released report will be labeled "For Comment," with a final version due out later in the year.
AP reporters D. Ian Hopper and Ted Bridis provided good color commentary on the elbowing and shin-kicking by industry that has shaped the cyber-security recommendations so far. Honors for best description of the panel's "mission impossible" charter go to a Network Associates security expert: "Design a strategy but not an implementation plan. Make it effective but not prescriptive. Make it short but include industry's input. Make real advancements but don't gore anyone's ox."
Sarah Lai Stirland, writing in the Seattle Times, used the lens of two imminent Seattle-area conferences to examine "the new face of civil defense in the networked information age, in which businesses and individuals play an important role in national security." A speaker at both conferences will be Howard Schmidt, former Microsoft security chief and now vice-chair of Richard Clarke's presidential panel.
Speaking of Microsoft: In his weekly News.com column, Declan McCullagh questioned why the report barely mentions Microsoft as an integral part of the problem of cyber-insecurity. McCullagh is not a rabid Microsoft basher -- he opposed the government's antitrust suit on principle -- yet he matter-of-factly noted that Microsoft "has been responsible for more online security woes than any other company in history." McCullagh quoted Will Rodger of the Computer and Communications Industry Association: "The government is treating 'malware' like viruses and intrusions into people's computers as though these were problems inherent to the Internet. They are not. If there are 60,000 Windows viruses, fewer than 100 Mac viruses, and maybe a dozen Unix viruses, why aren't the problems with Windows an issue?" Yesterday a National Security Council spokesman said the White House has "no problem with the Internet's 'monoculture' environment," McCullagh reported. - Keith Dawson
White House Slows IT Security Planning
Heavy industry lobbying removes parts of national cybersecurity plan (SFGate - AP)
U.S. civil defense expands to frontiers of cyberspace (Seattle Times)
Microsoft's new deal with Uncle Sam
White House Preps Cybersecurity Plan
White House cyberdefense strategy due out on Wednesday (Computerworld)
Cybersecurity plan offers tips, not rules-experts (Reuters)