As 2013 draws to a close, I was reflecting on some of the things that happened, and some of the things that did not. One that struck me is that we celebrated the 10-year anniversary of the “National Strategy to Secure Cyberspace.” It’s good that in this ever-changing world there are some things you can count on to remain constant. Because, after all, nothing really has changed in cyberspace since 2003, so why would we want to update the strategy. [OK, this is a bit of snark — but, seriously? We can’t think anything we want to change after 10 years of learning?] For those who are curious, here are the 8 action items from the 2003 strategy:
1. Establish a public-private architecture for responding to national-level cyber incidents;
2. Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments;
3. Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace;
4. Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security;
5. Improve national incident management;
6. Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans;
7. Exercise cybersecurity continuity plans for federal systems; and
8. Improve and enhance public-private information sharing involving cyberattacks, threats, and vulnerabilities.