prevent cyberattacks against U.S. infrastructures
reduce national vulnerability to cyberattacks
minimize damage and recovery time from cyberattacks
This document does direct some government agencies to take specific actions. However, the document recognizes that except for government networks and computers, most of the cyberinfrastructure of the United States is owned and operated by private industry. The federal government does not have the authority to give explicit operational direction to that industry on how to protect the cyber infrastructure that is offered to the public for use and the cyber infrastructure that underpins industry’s ability to conduct business. So, much of the strategy in the document encourages, rather than directs, industry to be aware of the problem and to protect itself. This document is publicly available and can be found on the Internet at http://www.whitehouse.gov/pcipb.
In summary, cybersecurity is recognized as a very serious issue in the United States. While a wide variety of education courses are offered, many believe that too few professionals with expertise in information assurance are being graduated from our universities. More graduates are needed at all levels.
Many also believe that (both inside the government and inside private industry) more thought needs to be given to cybersecurity threats to U.S. information systems, as well as threats to other infrastructures that might be amplified using cyberattacks. The strategy for protecting cyber infrastructure requires a public and private partnership between government and the private sector. Many of the actions to be taken to reduce vulnerability and to minimize damage from cyberattacks will be taken by private industry. Other actions can only be taken through international cooperation. All such actions require the involvement of trained professionals with strong knowledge and skills in assuring cybersecurity.