US unveils cybersecurity report

By Reuters
Palo Alto, California, 20 Sept 2002

US officials have unveiled a draft report on making the country's cyberspace safe from attack, warning that rogue nations are already preparing for attacks that could cripple vital computer-run infrastructure.

But critics immediately hacked away at the report, saying its voluntary measures did not offer enough security.

The report from the nation's cybersecurity czar, Richard Clarke, the FBI and the Secret Service urges a wide range of actions, from installing firewall software to keep intruders out of personal computers to sharing information about attacks on corporate networks.

"Significant damage could be done to the economy" if there was a successful cyber attack, Clarke told a news conference after presenting the draft report at Stanford University.

"Malicious commands could be sent out that would cause the systems to blow up. That's the extreme," he said, adding: "Nation states are forming offensive military units that would use cyberspace against us in future wars. Somewhere along the line, we will face a major threat."

But the "National Strategy to Secure Cyberspace" was immediately criticised for being watered down after industry complaints.

"The report is basically a PR vehicle. It has no teeth," says Bruce Schneier, chief technology officer of network monitoring firm Counterpane Internet Security. "If you are the government and you want people to do something, you pass a law."

Others agree, saying regulation is needed to force the computer industry to do more to improve the security of its products. "We need laws," said Russ Cooper, editor of the NTBugTraq e-mail list and a security expert with TruSecure. "They even make a comment in the preamble that legislation will be considered when the market has failed and we're certainly at that place now."

The Bush administration wanted to rely on market solutions rather than regulatory mandates, said Department of Commerce undersecretary Kenneth Juster.

The report says regulation was avoided to "encourage maximum participation by the private sector".

Critics say the report fails to mention that security flaws in Microsoft's software lead to many of the security woes faced by home and office computer users. "It seemed there was an attempt to steer clear of what is the big problem - Windows," said Ed Black, president of the Computer and Communications Industry Association.

"For the home user, a lot of the security has to come from Microsoft and be built into Windows," said Richard Smith, an independent security consultant. "It seems like you get a lot more bang for your buck if you get Microsoft to work on the issue."

A string of security holes in Windows and other products has stung the software giant in recent years, prompting chairman Bill Gates to announce in January that security would be a top priority.

Scott Charney, chief security officer at Microsoft, says he takes a more "holistic" approach to the problem, believing that the responsibility of improving computer security belongs to everyone, including vendors, computer users and government. "There is no question that because of our market share we're a major leader in the industry and we need to do security right," he said, adding that Microsoft has spent $100 million to boost security in its products.

The document was released on the one-year anniversary of the initial spread of the Nimda virus, which experts said caused an estimated $3 billion in economic damage worldwide.

Reuters News Service

Copyright 2002 Reuters Limited. All rights reserved. Republication and redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.