Difference between revisions of "The National Strategy to Secure Cyberspace"

From Cybersecurity Wiki
Jump to navigation Jump to search
Line 72: Line 72:
 
# Exercise cybersecurity continuity plans for federal systems; and
 
# Exercise cybersecurity continuity plans for federal systems; and
 
# Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.
 
# Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.
 +
 +
===Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program===
 +
By exploiting vulnerabilities in our cyber
 +
systems, an organized attack may endanger the
 +
security of our Nation’s critical infrastructures.
 +
The vulnerabilities that most threaten cyberspace
 +
occur in the information assets of critical
 +
infrastructure enterprises themselves and their
 +
external supporting structures, such as the
 +
mechanisms of the Internet. Lesser-secured
 +
sites on the interconnected network of networks
 +
also present potentially significant exposures to
 +
cyber attacks. Vulnerabilities result from
 +
weaknesses in technology and because of
 +
improper implementation and oversight of
 +
technological products.
 +
 +
The National Strategy to Secure Cyberspace
 +
identifies eight major actions and initiatives to
 +
reduce threats and related vulnerabilities:
 +
 +
# Enhance law enforcement’s capabilities for preventing and prosecuting cyberspace attacks;
 +
# Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;
 +
# Secure the mechanisms of the Internet by improving protocols and routing;
 +
# Foster the use of trusted digital control systems/supervisory control and data acquisition systems;
 +
# Reduce and remediate software vulnerabilities;
 +
# Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications;
 +
# Prioritize federal cybersecurity research and development agendas; and
 +
# Assess and secure emerging systems.
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==

Revision as of 19:35, 8 September 2010

Full Title of Reference

The National Strategy to Secure Cyberspace

Full Citation

Executive Office of the President of the U.S., The National Strategy to Secure Cyberspace (2003). Online Paper. Web

BibTeX Google Books Amazon

Categorization

Key Words

Synopsis

Strategic Objectives

Consistent with the National Strategy for Homeland Security, the strategic objectives of this National Strategy to Secure Cyberspace are to:

  • Prevent cyber attacks against America’s critical infrastructures;
  • Reduce national vulnerability to cyber attacks; and
  • Minimize damage and recovery time from cyber attacks that do occur.

The National Strategy to Secure Cyberspace articulates five national priorities including:

  1. National Cyberspace Security Response System;
  2. A National Cyberspace Security Threat and Vulnerability Reduction Program;
  3. A National Cyberspace Security Awareness and Training Program;
  4. Securing Governments’ Cyberspace; and
  5. National Security and International Cyberspace Security Cooperation.

The first priority focuses on improving our response to cyber incidents and reducing the potential damage from such events. The second, third, and fourth priorities aim to reduce threats from, and our vulnerabilities to, cyber attacks. The fifth priority is to prevent cyber attacks that could impact national security assets and to improve the international management of and response to such attacks.

Priority I: A National Cyberspace Security Response System

Rapid identification, information exchange, and remediation can often mitigate the damage caused by malicious cyberspace activity. For those activities to be effective at a national level, the United States needs a partnership between government and industry to perform analyses, issue warnings, and coordinate response efforts. Privacy and civil liberties must be protected in the process. Because no cybersecurity plan can be impervious to concerted and intelligent attack, information systems must be able to operate while under attack and have the resilience to restore full operations quickly.

The National Strategy to Secure Cyberspace identifies eight major actions and initiatives for cyberspace security response:

  1. Establish a public-private architecture for responding to national-level cyber incidents;
  2. Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments;
  3. Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace;
  4. Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security;
  5. Improve national incident management;
  6. Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans;
  7. Exercise cybersecurity continuity plans for federal systems; and
  8. Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.

Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program

By exploiting vulnerabilities in our cyber systems, an organized attack may endanger the security of our Nation’s critical infrastructures. The vulnerabilities that most threaten cyberspace occur in the information assets of critical infrastructure enterprises themselves and their external supporting structures, such as the mechanisms of the Internet. Lesser-secured sites on the interconnected network of networks also present potentially significant exposures to cyber attacks. Vulnerabilities result from weaknesses in technology and because of improper implementation and oversight of technological products.

The National Strategy to Secure Cyberspace identifies eight major actions and initiatives to reduce threats and related vulnerabilities:

  1. Enhance law enforcement’s capabilities for preventing and prosecuting cyberspace attacks;
  2. Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;
  3. Secure the mechanisms of the Internet by improving protocols and routing;
  4. Foster the use of trusted digital control systems/supervisory control and data acquisition systems;
  5. Reduce and remediate software vulnerabilities;
  6. Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications;
  7. Prioritize federal cybersecurity research and development agendas; and
  8. Assess and secure emerging systems.

Additional Notes and Highlights