Bush security panel plan gets mixed reviews

Bush security panel plan gets mixed reviews

Some experts doubt that the president's plan to restructure government cybersecurity will improve the protection of critical networks.

'There is a lack of acceptable standards that agencies are able to implement,' said Alan Matthews, president of Rapid7 Inc. of New York, which provides vulnerability assessment tools.

The job of any high-level board should be to allocate resources and assign accountability rather than to impose blanket policies, Matthews said.

A draft executive order from President Bush reportedly would eliminate the current position of national coordinator for infrastructure protection and replace it with a 21- or 23-member board under national security adviser Condoleezza Rice.

Although top-level support for cybersecurity is essential, security cannot be imposed from above, experts said.

'People are taking potshot audits at agencies, without telling them how to do it right,' said Alan Paller, director of research at the SANS Institute in Bethesda, Md. 'You can't fix security if you don't know what to do. The way we get that is with metrics and proven practices.'

Matthews said that in a recent survey by his company, 71 percent of government respondents said they were not taking all reasonable precautions to secure systems.

'William Jackson

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.