White House issues 'National Strategy to Secure Cyberspace'

The White House issued its long-awaited National Strategy to Secure Cyberspace report, the document intended to summarize ways to improve network security for government agencies, the private sector and citizens in their homes.

  About fifty pages, the final document, signed by President George W. Bush, drops some of the more controversial statements made in the earlier draft document about whether ISPs or universities, for example, could be doing more on behalf of cyberspace security. Instead, the "National Strategy to Secure Cyberspace" tones down its criticism and is content to "encourage" industry, government agencies, and the public to reduce risks wherever practical. However, beyond the advice about denial-of-service "zombie" software and access controls, the report does take up a few new issues that could have far-ranging impact.

  For one, the report says the government will consider expanding the "Common Criteria" purchasing mandate, which took effect last July primarily for the "national security systems" of the Defense Department,  to include any purchasing done by the government's civilian agencies as well.

  At present, agencies operating national security systems must purchase software products from a list of lab-tested and evaluated products in a program run by the National Information Assurance Partnership (NIAP), a joint partnership between the National Security Agency and the National Institute of Standards and Technology.