The White House's cybersecurity coordinator Howard Schmidt is getting attention for his effort to make U.S. cybersecurity strategy more "transparent," by posting summaries of the 12 principles driving the approach. That sketch of the Comprehensive National Cybersecurity Initiative's framework is, as of yesterday afternoon, posted on the National Security Council's Web site. Included are things like treating federal networks as a single protected entity and boosting cybersecurity education.
That's all well and good, as far as it goes. The federal government, particularly during the Bush years, has certainly fallen into the trap of reflexively stamping "TOP SECRET" on every report, document, and Staples receipt. But there are things that this release is, and things that it isn't. And one of the things that the Schmidt release isn't is constructive guidance for American corporations, network providers, and other potential strategic partners looking to work with the federal government to protect their cyber assets day in and day out.
Those who worry about the future of cybersecurity complain that, as things stand, there's a shortage of known good ways for private entities to work with the federal government short of going running to the National Security Agency, a la Google. And as someone said on a recent panel on the state of tech hosted by The Atlantic that I happened to be on, the problem with that is when there's something suspicious going on in your neighborhood, you want to let the police know, not call in the U.S. Army. Then again, Schmidt's only been in the job a little over a month, so we'll see.
-- Nancy Scola