DHS Outlines Cyberspace Strategy

17 February 2003

A new report by the U.S. Department of Homeland Security could shed light on the Bush administration's views on Internet-related industries.

"The National Strategy to Secure Cyberspace" recommends ways to improve network security for both the private and public sectors as well as general consumers at large.

The most revealing aspect of the report may lie in what's been left out of the final version. In October the DHS released a draft document to get public opinion from experts in the field of cyberspace security.

The draft report included some rather controversial statements suggesting that ISPs and universities could do more to increase security on the Internet. Those assertions were left out of the final draft, perhaps supporting a conclusion that's already been drawn in the I-gaming space: Targeting ISPs as policing units for Internet-related initiatives is hard sell.

The same approach has been proposed as a way of prohibiting online gambling in the United States, although the most recent federal prohibition bill instead calls on payment processing entities for enforcement.

The DHS report encourages businesses, government agencies and the public to reduce risks wherever practical.

However, beyond advice about denial-of-service "zombie" software and access controls, the report does take up a few new issues that could have far-ranging impact.

One of its most notable suggestions is expanding the "Common Criteria" purchasing mandate--which currently only affects the national security system--to include all government agencies. The program is designed to prevent national security systems agencies from buying software that hasn't been thoroughly tested by an independent lab first.

Software is tested through a program run by the National Information Assurance Partnership (NIAP), a joint partnership between the National Security Agency and the National Institute of Standards and Technology, and is similar to existing programs in other jurisdictions.

Around a dozen other countries have similar agencies and all of them have endorsed the Common Criteria regimen.

The program has been many years in the making among countries supporting the idea of a single international certification system and could lay the groundwork for a larger international policing program for cyberspace.

It could be hypothesized that creating an international body with the mandate of certifying software is a first step in creating an international body to regulate and police sectors and marketplaces of the Internet that have no boundaries, such as Internet gambling.

The report also marks the first time the White House has publicly stated that the U.S. government reserves the right to respond "in an appropriate manner" if the country is attacked in cyberspace.

The report notes that the newly created Department of Homeland Security will be in charge of operating an around-the-clock facility for monitoring cyber threats, sharing information and incident response.

The report indicates that the government is seeking to build a private communications network, called the Cyber-Warning and Information Network, for sharing information with the private sector when the need arises.

Click here to download a complete copy of the report.