White House official outlines cybersecurity initiatives

A key White House official on Friday outlined the Bush administration's strategy for protecting the national critical infrastructure, including expanding partnerships with the private sector and encouraging information sharing among companies to avoid cyberattacks.

Paul Kurtz, director of Critical Infrastructure Protection for the White House, told attendees at a conference hosted by MicroStrategy that the administration is making progress with initiatives to protect systems like banking and financial networks, and transportation and utilities grids.

He said the plan would be outlined in a guide designed to better establish strong security in the private and public sectors. The plan will likely be unveiled this summer, possibly as early as June.

"First and foremost ... we must form a partnership with the private sector," he said. To that end, Kurtz said the administration aims to "avoid regulation" and encourage market-driven solutions. As private companies own 80 percent to 90 percent of the country's critical infrastructure, their cooperation is essential, he said.

"We want to work to break down barriers to share information," he said, adding that the administration supports the concepts underlying proposals on Capitol Hill to loosen restrictions under the Freedom of Information Act. Such legislation would ease liability and encourage companies to share IT security information, including the latest security and types of attacks a company suffers.

Continuing work started by the Clinton administration, Kurtz said the White House cybersecurity team is looking to establish a dialogue with private industries to assure that security is being built into the next generation of computer systems. The administration also is formulating a tool called the Cyber Warning and Information Network to warn public and private sector businesses of impending cyber attacks, such as computer viruses that can hijack critical systems.

Kurtz said the national plan will be available on the Web, covering a broad scope of issues, including national, consumer and international topics.

Kurtz also mentioned similar efforts, such as developing GovNet, a government intranet designed to protect "critical communications ... that are on all the time." More than 160 GovNet proposals currently are being reviewed and await a decision from cybersecurity chief Richard Clarke, who will decide in February if the project will proceed.

The Bush administration also is working toward creating a priority-access system for cell phones to enable critical-response teams, for example, to circumvent the problem of jammed connections during emergencies.

Kurtz also touted the federal Cybercorps program, which allocates scholarships to students who choose to study technology security issues. The White House intends to expand the program, Kurtz said, to shore up the "great deficit of people looking at cybersecurity issues."

Despite the push from the executive branch and initiatives on Capitol Hill aimed at improving cybersecurity, Kurtz emphasized that the problem remains largely one of the private sector.

He urged companies to identify their critical infrastructures and the vulnerabilities associated with those systems, and to create programs to mitigate threats. He also said that companies need to create policies to aid security and that there needs to be a process within firms to educate and train workers on security risks.