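The White House's recently released "National Strategy To Secure Cyberspace" seems to have had a lot of advisers who are industry people on good terms with Bush, and not many real experts. So these pseudo-expert panels are not just a Japanese thing. ;-p
This report seems to have been highly anticipated by US industry and by other countries' governments, but reading it, there is not much in it that is new. Still, the format looks cool and, well, it may be fine for people who know nothing and only read things that carry status.
I found the following on David Farber's list.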
America's National Cybersecurity Strategy: Same Stuff, Different Administration
Richard Forno
(c) 2002 Infowarrior.org. All Rights Reserved
Article #2002-11.
Permission granted to reproduce and distribute in entirety with credit to author.
Today the White House releases its long-awaited "National Strategy To Secure Cyberspace." This high-level blueprint document (black/white or color), in-development for over a year by Richard Clarke's Cybersecurity team, is the latest US government plan to address the many issues associated with the Information Age.
The Strategy was released by the President's Critical Infrastructure Protection Board (PCIPB), an Oval Office entity that brings together various Agency and Department heads to discuss critical infrastructure protection. Within the PCIPB is the National Security Telecommunications Advisory Council (NSTAC), a Presidentially-sponsored coffee klatch comprised of CEOs that provide industry-based analysis and recommendations on policy and technical issues related to information technologies. There is also the National Infrastructure Advisory Council (NIAC) - another Presidentially-sponsored klatch - allegedly consisting of private-sector 'experts' on computer security; but in reality consists of nothing more than additional corporate leaders, few if any considered an 'expert' on computer security matters.
*******
Forwarded from: security curmudgeon
>> http://www.whitehouse.gov/news/releases/2002/09/20020918-12.html
>
> Established by Executive Order 13231, NIAC will make recommendations
> regarding the security of the cyber and information systems of the United
> States' national security and economic critical infrastructures. The
> Committee will also examine ways that partnerships between the public and
> private sectors can be enhanced to improve cyber security.
>
> Let's break down this advisory board by title...
>
> 1 Chairman/President/CEO
> 8 Chairman/CEO
> 2 President/CEO
> 3 Chairman
> 1 Vice Chairman
> 2 CEO
> 1 COO
> 1 President
> 1 Executive Vice President
> 1 Governor
> 1 Mayor
> 1 Police Commissioner
> 1 Chief of Police
>
> That's a whole bunch of people that likely get their e-mail printed and
> handed to them.
>
> Now, let's see if any of them have an interesting track record with
> security...
>
>> Alfred R. Berkeley III, Vice Chairman, NASDAQ Stockmarket Inc.
>
> http://www.attrition.org/mirror/attrition/1999/09/14/www.nasdaq-amex.com
> http://www.attrition.org/mirror/attrition/1999/09/15/www.nasdaq-amex.com
>
> Domain Name: NASDAQ-AMEX.COM
>
> Administrative Contact:
> Nasd DNS Admin (ND542-ORG) nasdadmin@NASD.COM
> Nasdaq Stock Market, Inc
> 9513 Keywest Ave
> Rockville , MD 20850
> US
> 301.590.6856
> Fax- 301.590.6374
>
>> L. George Martinez, Chairman, Sterling Bank and Sterling Bancshares Inc.
>
> http://www.attrition.org/mirror/attrition/2001/04/15/www.banksterling.com
>
> Domain Name: BANKSTERLING.COM
>
> Administrative Contact:
> Throgmorton, David (DT5737) throgmor@BANKSTERLING.COM
> Sterling Bank
> 15000 Northwest Frwy
> Houston , TX 77040
> 713 507-7781 (FAX) 713 896-9159
>
>> John W. Thompson, Chairman and CEO, Symantec Corporation
>
> http://www.attrition.org/errata/sec-co/symantec01.html
> http://www.attrition.org/errata/sec-co/symantec-nipc01.html
> http://www.attrition.org/mirror/attrition/2001/01/19/smallbiz.symantec.com
> http://www.attrition.org/mirror/attrition/1999/08/02/www.symantec.com
>
>> Thomas E. Noonan, Chairman, President and CEO, Internet Security
>> Systems, Inc.
>
> ISS' ethics have been called into question repeatedly for the last several
> years.
>
>> Enrique Hernandez, Jr., President and CEO, Inter-Con Security Systems
>> Inc.
>
> Interesting, searching for Inter-Con Security Systems (since that name
> didn't ring a bell), the first hit i get is:
> http://www.gao.gov/decisions/bidpro/290493.htm
>
> second hit is interesting:
> http://www.law.com/regionals/ca/opinions/mar/bv23235.shtml
>
> another article calls them "the largest privately held security services
> firm in the world"
>
> he is a UnitedWay board member...
>
> and 30 hits into google, all i can see is that they provide guards for
> buildings and have no easy to find web page.
>
>> Maynard G. Webb, CEO, e-Bay
>
> http://www.attrition.org/mirror/attrition/2001/03/22/www.qa.ebay.com
> http://www.attrition.org/mirror/attrition/1999/03/13/ebay.com
>
>> William F. Owens, Governor of Colorado
>>
>> Jorge Santini, Mayor of San Juan Puerto Rico
>
> These two are "security experts"?
>
>> Karen Katen, President, Pfizer Global Pharmaceuticals and Executive Vice
>> President, Pfizer Inc.
>
> http://www.attrition.org/mirror/attrition/2001/04/09/www.pfizer.se
>
>
> All in all, I really don't get a warm fuzzy when thinking these people
> are going to help figure out how to protect our infrastructure.
---
From: Peter Bachman
Organization: Cequs Inc.
Date: Sat, 28 Sep 2002 02:11:43 -0400
To: dave@farber.net
Subject: Re: [IP] Interesting - Breakdown of the President's 30 'experts' on
infrastructure security advisor (NIAC)
Looking at Rick's very informative web site, I toodled over to
http://www.whitehouse.gov
where the original executive order is listed, #1321.
http://www.whitehouse.gov/news/releases/2001/10/20011016-12.html
It has the following wording.
(b) NIAC. There is hereby established the National Infrastructure Advisory
Council, which shall provide the President advice on the security of
information systems for critical infrastructure supporting other sectors of
the economy: banking and finance, transportation, energy, manufacturing, and
emergency government services. The NIAC shall be composed of not more than
30 members appointed by the President. The members of the NIAC shall be
selected from the private sector, academia, and State and local government.
Members of the NIAC shall have expertise relevant to the functions of the
NIAC and generally shall be selected from industry Chief Executive Officers
(and equivalently ranked leaders in other organizations) with
responsibilities for the security of information infrastructure supporting
the critical sectors of the economy, including banking and finance,
transportation, energy, communications, and emergency government services.
Members shall not be full-time officials or employees of the executive
branch of the Federal Government.
-------------------
The actual individuals are also listed at:
http://www.whitehouse.gov/news/releases/2002/09/20020918-12.html
Some comments:
There's an interesting and implicit assumption in the "Strategy" about
"ownership and operation of cyberspace", and that one can hope to derive a
line of responsibility and expertise by involving the CEO (or
equivalent) of these related companies, in protecting critical
infrastructure. If this assumption is correct, then we should all expect some
tangible metrics as to how these CEOs implemented various parts of the
strategy, and what business benefits were derived.
-pb
Peter Bachman