Officials aim to send Bush cybersecurity plan by year's end

The White House Office of Cyberspace Security expects to complete work on the national cybersecurity strategy and send it to President Bush for his signature by the end of the year, according to a top White House official.

Marcus Sachs, director of communication and infrastructure protection at the office, also said on Thursday that the office received more than 1,000 responses to the draft plan unveiled in September by the Nov. 18 deadline for comments.

"We're taking the next couple of weeks to look through the comments, and we most likely will have [the final proposal] to the president for his signature by the end of the year," Sachs told information technology specialists gathered at a State Department e-government conference.

The draft strategy is part of a broader national security plan that gives guidance to the White House Office of Homeland Security and other strategists on how to thwart potential terrorist attacks, he said. Since the draft was released, the 15-member staff at the Cyberspace Security Office has been reviewing the comments to try to finalize the plan as quickly as possible, according to high-tech industry sources.

Meanwhile, Sachs stressed to conference participants, which included officials from countries such as Bulgaria, Hungary, the Dominican Republic and Japan, that one of the most important things countries can do to help prevent cyberattacks is to designate a single person or office to coordinate cybersecurity efforts. In addition, he stressed the importance of countries enacting laws that make the misuse of information technology illegal.

Michelle Markoff, deputy director of policy, plans and analysis at State's Bureau of Political and Military Affairs, also stressed that countries need to create a "culture of security" when it comes to protecting computer networks, "and that should come from the top."

She noted that she is working with U.N. countries to gain passage of a resolution that draws upon cybersecurity guidelines adopted by the Organization for Economic Cooperation and Development (OECD).

John McCumber, strategic program manager at Symantec and a former employee at the National Security Agency, told participants that securing computer networks is an evolving and never-ending process, and that once there is an understanding of the threat, countries need to develop strategies for securing their systems.

When asked by one participant whether the U.S. government would ever require software companies to incorporate security into their products, Sachs said that as the nation's largest purchaser of IT products, the government is creating incentives for such products but added that no one currently expects the government to impose a mandate on the private sector.