Security Watch: Don't get burned by viruses and hackers.
We need a new national cybersecurity plan--now
By Robert Vamosi 
Senior associate editor, CNET Reviews
December 10, 2003

Once upon a time, President Bush appointed Richard Clarke as national cybersecurity czar, tasking him and a handful of other security-minded folks with creating a plan that would make the Internet more secure.

Such a plan, everyone reasoned, would help rein in the malicious code swirling around the Net, establish secure practices and policies throughout the computer industry, and most importantly, protect end users and corporations alike from the costly consequences of viruses and criminal hackers.

A diluted report
As you may remember, Clarke's task force quickly ran into opposition, mostly from wealthy lobbyists representing communications, software, and security companies, but also from--surprise--the White House. Thus, the final report called for the industry to regulate itself and provided only vague recommendations for everyone else.

More than a year after that report appeared, you and I are no better protected online than we were before Richard Clarke and his team first met. And now it will take yet another year before the computer industry proposes its own self-regulating actions.

That's too long. We need to scrap the current plan and start over.

It's clear to me and to many in the security community that the current plan is flawed, yet the Bush administration insists it is a serious blueprint for enhancing cybersecurity. At the National Cyber Security Summit, held last Wednesday in Santa Clara, California, government officials praised the progress they've made thus far. However, it's interesting to note that the 300 invited guests at the closed-door sessions did not include many noted individuals within the security community, giving the summit a distinctly probusiness skew.

Cyberspace no longer a priority
Since the beginning of 2003, the Bush administration has distanced itself from cybersecurity, demoting its once high-profile task force to a third-tier priority within the new Department of Homeland Security (DHS). The DHS itself remains largely unproven as an effective deterrent to cybercrime, hampered in large part by the decision of several experienced agents from the Secret Service, the FBI, and other tech-savvy agencies to take lucrative jobs in the private sector rather than join the fledgling department.

As proof of the DHS's inability to handle a real crisis, I'll remind you of the Slammer worm attack last January, which slowed e-commerce and shut down many ATMs. The DHS neglected to issue a statement about the worm for several hours after it hit the Net, because no one was in the office. Today, the DHS is still understaffed to the point where it would be difficult for it to handle a serious Internet threat.

Even the position of cybersecurity division chief, left vacant after the departure of Richard Clarke in early 2003 and then Howard Schmidt two months later, remained unfilled throughout the virus outbreaks of Sobig.f and Blaster this past August. It wasn't until late September of this year that Amit Yoran, formerly a Symantec executive, arrived as the new chief, causing some within the security community to question whether he could be impartial.

We need a fresh start
To make matters worse, the proposals that came out of last week's summit are still too vague. I believe the Bush administration should disengage itself from corporate special interests and once again involve the independent security community in negotiating a new cybersecurity policy, one with more immediate results for you and me.

They wouldn't have to start from scratch, either. Many of Richard Clarke's original ideas are worth reinstating. Among them, I favor requiring broadband ISP services to provide free antivirus and firewall software to their customers and speeding the process to secure wireless Internet access.

While these sorts of policies may cost some technology companies money in the short term, in the long run they would leave us all better off.

What do you think? How should we secure the Net? Through legislation or corporate self-regulation? Tell me about it--TalkBack to me!

