November 7, 2005 11:00 AM PST

Homeland Security's vague cyber plan

By Anne Broache
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Homeland Security inches toward makeover
October 17, 2005; Homeland Security chief wants to collaborate
October 11, 2005; U.S. cybersecurity due for FEMA-like calamity?
October 10, 2005; Feds create new post of cybersecurity czar
July 13, 2005; Feds vulnerable to lots of Net threats
June 14, 2005

A preliminary report released by the Department of Homeland Security seems to scatter cybersecurity responsibilities across the government and the private sector while sticking to generalities about future plans.

In its 175-page draft of the National Infrastructure Protection Plan (PDF), or NIPP, the department outlines a broad framework for protecting the nation's "critical infrastructure" and "key assets"--bureaucratic argot referring to everything from the power grid to dams to computer systems.

President Bush first commissioned the plan in December 2003, and the Department of Homeland Security released an early version in February. According to a notice announcing the document's availability, the latest version aims to provide greater detail.

The term "cybersecurity" appears 148 times the draft, and a 16-page appendix devoted to the topic offers some suggestions for threat analysis, response readiness and training.

But the rest is worded in terms of generalities. The plan asserts that cybersecurity responsibilities should ultimately lie with the Department of Homeland Security but also calls on state and local governments to come up with information security measures and to be aware of vulnerabilities in their systems. The report charges academia and research institutions with devising "best practices" for IT security and the private sector with ensuring that it is "satisfying cyberprotection standards."

The document suggests that work should be done through a "sector partnership model"--that is, informal advisory bodies composed of private-sector and governmental representatives from the same subject area. It proposes several lists of general actions that various sectors should take (for example, "set sector-specific security goals") and allocates deadlines from the adoption of the plan to accomplish them (in that particular case, 90 days).

The recommendations are often vague. For example, the suggestion that the Department of Homeland Security should lead and develop a "national cybersecurity exercise" to simulate responses to an attack is listed as an "ongoing" project with no deadline. And under a category referring to the steps the government should take to deal with "privacy and constitutional freedoms," the department lists no suggested actions.

"It strengthens the linkages between physical and cyber efforts, but the base plan itself is not intended to provide a detailed protection plan for each critical sector," Kirk Whitworth, a Homeland Security spokesman, said in an e-mail interview. "That is going to come with the sector-specific plans, six months after the NIPP is signed early next year."

The agency plans to accept comments on the proposal through Dec. 5.

See more CNET content tagged:
sector, homeland security, government

Add a Comment (Log in or register) 2 comments

Cyber Security? BAH
by Inetsec November 7, 2005 12:50 PM PST: In all honesty there is not now, nor will there ever be such a thing as 'cyber security.' They should change the name to something like 'cyber preparedness,' or 'national cyber threat action plan.' Both of which would be a stretch but it would 'sorta convey the premise of the effort.; Reply to this comment

Practice what they preach
by rcrusoe November 7, 2005 7:08 PM PST: If the DHS wants us to believe they know something about "cyber
security" they better quit buying windows computers.; Reply to this comment

Latest tech news headlines

The main problem with Windows Vista
Posted in Defensive Computing by Michael Horowitz

September 6, 2008 7:50 PM PDT
Google-focused satellite enters orbit
Posted in News - Digital Media by Jonathan Skillings

September 6, 2008 7:33 PM PDT
In NFL deal, an extra point for Adobe's Flash
Posted in News - Digital Media by Jonathan Skillings

September 6, 2008 6:40 PM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Chrome's JavaScript challenge to Silverlight
The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.
Gallery
Photos: Top 10 reviews of the week
Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.
News - Apple
Apple watchers spot 'iPod Nano' pix, iTunes hints
The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.
Coop's Corner
Chris Shipley 1, Internet lynch mob 0
Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.
Video
Katie Couric reflects on first Webcast
The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.
News - Digital Media
Google-focused satellite enters orbit
The search titan has exclusive rights among online mapping sites to images from the new GeoEye-1 satellite, which launched Saturday.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Gaming and Culture
Are Demo and TechCrunch50 fragmenting their audiences?
With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Images: The art of 'Spore' prototypes
Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.
Webware
At the TechCrunch50, an unfair advantage?
Inside baseball: How Webware and other blogs can compete with TechCrunch in covering the TechCrunch50 event.
Green Tech
Duke Energy to invest in mini solar power plants
Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.