Chapter 8: Participating in a National Threat and Vulnerability Reduction Program

Overview

This chapter discuses the goals of priority II of the National Strategy to Secure Cyberspace, which calls for participation in a national threat and vulnerability reduction program. To meet the goals of priority II, an organization should take or be prepared to take the following steps:

• Assist in enhancing law-enforcement's capabilities for preventing and prosecuting cyberspace attacks, which will mean reporting more incidents and filing necessary complaints to support the prosecution of perpetrators.

• Be forthwith in providing information that will contribute to national vulnerability assessments so that all organizations will better understand the potential consequences of threats and vulnerabilities.

• Deploy new and more secure protocols and routing technologies in order to reduce vulnerabilities, which will require upgrading or replacing less secure technology.

• Deploy and use digital control systems and supervisory control and data-acquisition systems that the government has labeled as trusted or that in some other way meets government standards.

• Deploy and upgrade software that can reduce and remediate vulnerabilities, which will mean installing patches more frequently or eliminating less secure software from the product mix used by the organization.

• Help to analyze infrastructure interdependencies and improve the physical security of cybersystems and telecommunications systems to make them meet potential government standards.

• Contribute to a process that helps to prioritize federal cybersecurity research and development agendas and assess and secure emerging systems.