Richard Clarke, the president's computer security adviser, said Wednesday that an upcoming national plan to protect cyberspace will include expectations for home users, as well as large companies and the government.
"Every American relies upon cyberspace, and every American has to do something to secure their part of cyberspace," Clarke said of the plan, which will be released Sept. 19 in Silicon Valley.
Clarke said the plan, which is being hashed out among government officials with input from technology firms, is the Internet component to the national strategy for homeland defense announced by President Bush earlier this week.
The government is struggling with how to protect the nation's critical computer systems from attack by hackers and terrorists. Private companies run most of the country's most sensitive computers --such as those that control water supplies, electrical power and financial institutions.
The plan will include recommendations in five categories, Clarke said. Those are home and small-business users; major corporations; "sectors" like banking, utilities and the government; national issues; and global Internet issues.
The recommendations would not be mandated by law, Clarke said.
Clarke said the recommendations -- which currently number 77 but could change before the official announcement -- will include government-provided software and other tools to make them easier to implement. He declined to say what the specific recommendations are.
"It's designed to not just say [they] have a responsibility, but to empower them by giving them the tools," Clarke said.
Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000, the most commonly used operating system for government and corporate computers.
The Pentagon, the National Security Agency and other private and government organizations devised the standards.
Collectively called the "Gold Standard," the package is a small program that probes computers for known security flaws and makes suggestions on how to eliminate holes used by hackers.
The unprecedented effort will have immediate impact.
All Defense Department computers will have to meet the standards immediately. The White House is considering making the rest of the government follow suit.
Experts say the keys to success will be extending the standards to home and business users, making them simple enough for the public to understand and ensuring they stay ahead of increasingly sophisticated computer attackers.
The effort has brought together some of the biggest names in business, including computer chipmaker Intel, Chevron and Visa -- part of the group that helped create the standards and is encouraging their use.
The breadth of the problem is staggering. The technology research firm Gartner recently projected that through 2005, 90 percent of computer attacks will exploit known security flaws for which a solution is available but not installed.
The program released Wednesday checks a computer for such flaws and shows how to fix them.
Experts hope that private companies will adopt the standards as well and encourage software makers to ship their products in a more secure configuration.
Some government agencies, including the Air Force, are considering using their procurement power to require that vendors offer more secure versions of their software based on the standards.
"We want to transition the bulk of this work to the vendors," Air Force chief information officer John Gilligan said. "That's not an unreasonable expectation."
Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
