To ensure that the nations systems are safe from cyberterrorism, the administration will demand detailed security plans from eight more agencies.
It expects plans next month from 14 agencies for the infrastructure protection effort.
The administration last week unveiled its plan to require additional agency participation. Government officials talked about the project at a computer security seminar sponsored by the General Services Administration and the Chief Information Officer Councils Security Committee.
The additional agencies will get formal notice in a few weeks from Richard Clarke, the national coordinator for security, critical infrastructure and counterterrorism, said Thomas R. Burke, GSAs chief infrastructure assurance officer.
As the president has directed, the federal government should be the model. Right now we are a model. Were a model of what not to do, Clarke said.
The additional agencies, known as Tier 2 agencies, join the 14 Tier 1 agencies that the White House already assigned responsibilities.
Tier 1 agencies must complete vulnerability surveys by next month; Tier 2 agencies have until February to do their vulnerability surveys, Burke said.
Delineating Tier 1 and Tier 2 agencies means that remaining agencies will not be required to detail their security plans under Presidential Decision Directive 63.
The directive previously was viewed as a governmentwide mandate. There was some confusion among agencies about which ones were covered, said Jeffrey Hunker, director of the administrations Critical Infrastructure Assurance Office. By identifying the Tier 1 and Tier 2 agencies, CIAO can focus on the most critical agencies, he said.
We are encouraging those agencies [not identified] to take the same actionsto develop their plans, Hunker said. Were not requiring them to do it.
At the seminar last week, Clarke made a dramatic call for agencies to act. I know none of you need additional work, especially work that might highlight your vulnerabilities, he said. But youre being asked to define the defensesthe defenses against the next war.
CIAO, the organization that is responsible for implementing a plan to protect the nations critical infrastructures, has made a dozen agencies responsible for specific areas. The Treasury Department, for example, is working with the banking and finance community to ensure that they have a plan to deal with cyberattacks.
Burke said GSA and CIAO are assembling a team of security experts to help agencies formulate security plans. The team will include government security experts on loan from their agencies for at least 120 days, he said.
GSA is also in the final stages of developing a basic security plan and vulnerability assessment to help agencies, Burke said. Agencies should use existing documentation for their plans such as internal and General Accounting Office audits, he said.
Hunker also suggested that agencies use knowledge gained from their year 2000 work to build security plans. For instance, agencies have inventoried their mission-critical systems, he said.
|