NATIONAL CYBERSECURITY STRATEGY: Key Improvements Are Needed to Strengthen the Nation's Posture

摘要

Government officials are concerned about attacks from individuals and groups with malicious intent, such as criminals, terrorists, and adversarial foreign nations. For example, in February 2009, the Director of National Intelligence testified that foreign nations and criminals have targeted government and private sector networks to gain a competitive advantage and potentially disrupt or destroy them, and that terrorist groups have expressed a desire to use cyber attacks as a means to target the United States. The director also discussed that in August 2008, the national government of Georgia's Web sites were disabled during hostilities with Russia, which hindered the government's ability to communicate its perspective about the conflict. Statement of the Dire The federal government has developed a strategy to address such cyber threats. Specifically, President Bush issued the 2003 National Strategy to Secure Cyberspace and related policy directives, such as Homeland Security Presidential Directive 7,5 that specify key elements of how the nation is to secure key computer-based systems, including both government systems and those that support critical infrastructures owned and operated by the private sector. The strategy and related policies also establish the Department of Homeland Security (DHS) as the focal point for cyber CIP and assign the department multiple leadership roles and responsibilities in this area. They include (1) developing a comprehensive national plan for CIP, including cybersecurity; (2) developing and enhancing national cyber analysis and warning capabilities; (3) providing and coordinating incident response and recovery planning, including conducting incident response exercises; (4) identifying, assessing, and supporting efforts to reduce cyber threats and vulnerabilities, including those associated with infrastructure control systems; and strengthening international cyberspace security.