The White House, National Strategy to Secure Cyberspace (Feb. 2003) (full-text).
This Report was published by the Bush Administration to encourage the private sector to improve computer security for the U.S. critical infrastructure through having federal agencies set an example for best security practices.
The Report was intended to provide an initial framework for both organizing and prioritizing efforts to protect the nation’s cyberspace. It was also intended to provide direction to federal departments and agencies with roles in cyberspace security and to identify steps that state and local governments, private companies and organizations, and individual Americans can take to improve cybersecurity.
The strategy reiterated the critical infrastructure sectors and the related lead federal agencies as identified in the National Strategy for Homeland Security. In addition, the strategy identifies DHS as the central coordinator for cyberspace efforts. As such, DHS is responsible for coordinating and working with other federal entities involved in cybersecurity.
The strategy states that cyber analysis includes both (1) tactical analytical support during a cyber incident and (2) strategic analyses of threats. Tactical support involves providing current information on specific factors associated with incidents under investigation or specific identified vulnerabilities. Examples of tactical support include analysis of (1) a computer virus delivery mechanism to issue immediate guidance on ways to prevent or mitigate damage related to an imminent threat or (2) a specific computer intrusion or set of intrusions to determine the perpetrator, motive, and method of attack.
Strategic analysis is predictive in that it looks beyond one specific incident to consider a broader set of incidents or implications that may indicate a potential future threat of national importance. For example, strategic analyses may identify long-term vulnerability and threat trends that provide advance warnings of increased risk, such as emerging attack methods. Strategic analyses are intended to provide policymakers with information that they can use to anticipate and prepare for attacks, thereby diminishing the damage from such attacks.
|“||The strategy addresses cybercrime in the broader context of cybersecurity. Within this context, it prioritizes improving U.S. response to cyber incidents and reducing any potential damage, reducing threats from and vulnerabilities to cyber attacks — including cybercrime — and preventing cyber attacks.||”|
National Priorities Edit
This strategy was organized according to five national priorities, with major actions and initiatives identified for each:
A National Cyberspace Security Response System Edit
Coordinated by DHS, this system is described as a public/private architecture for analyzing and warning, managing incidents of national significance, promoting continuity in government systems and private-sector infrastructures, and increasing information sharing across and between organizations to improve cyberspace security. The system is to include governmental entities and nongovernmental entities, such as private-sector information sharing and analysis centers (ISACs). Major actions and initiatives identified for cyberspace security response include providing for the development of tactical and strategic analysis of cyberattacks and vulnerability assessments; expanding the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security; coordinating processes for voluntary public/private participation in the development of national public/private continuity and contingency plans; exercising cybersecurity continuity plans for federal systems; and improving and enhancing public/private information sharing involving cyberattacks, threats, and vulnerabilities.
A National Cyberspace Security Threat and Vulnerability Reduction Program Edit
This priority focuses on reducing threats and deterring malicious actors through effective programs to identify and punish them; identifying and remediating those existing vulnerabilities that, if exploited, could create the most damage to critical systems; and developing new systems with less vulnerability and assessing emerging technologies for vulnerabilities. Other major actions and initiatives include creating a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities, securing the mechanisms of the Internet by improving protocols and routing, fostering the use of trusted digital control and supervisory control and data acquisition systems, understanding infrastructure interdependencies and improving the physical security of cybersystems and telecommunications, and prioritizing federal cybersecurity research and development agendas.
A National Cyberspace Security Awareness and Training Program Edit
This priority emphasizes promoting a comprehensive national awareness program to empower all Americans — businesses, the general workforce, and the general population — to secure their own parts of cyberspace. Other major actions and initiatives include fostering adequate training and education programs to support the nation’s cybersecurity needs; increasing the efficiency of existing federal cybersecurity training programs; and promoting private-sector support for well-coordinated, widely recognized professional cybersecurity certification.
Securing Governments’ Cyberspace Edit
To help protect, improve, and maintain governments’ cybersecurity, major actions and initiatives for this priority include continuously assessing threats and vulnerabilities to federal cyber systems; authenticating and maintaining authorized users of federal cyber systems; securing federal wireless local area networks; improving security in government outsourcing and procurement; and encouraging state and local governments to consider establishing information technology security programs and participating in ISACs with similar governments.
National Security and International Cyberspace Security Cooperation Edit
This priority identifies major actions and initiatives to strengthen U.S. national security and international cooperation. These include strengthening cyber-related counterintelligence efforts, improving capabilities for attack attribution and response, improving coordination for responding to cyberattacks within the U.S. national security community, working with industry and through international organizations to facilitate dialogue and partnerships among international public and private sectors focused on protecting information infrastructures, and fostering the establishment of national and international watch-and-warning networks to detect and prevent cyberattacks as they emerge.