Thursday, September 19, 2002
Richard Forno on Bush's Cybersecurity Strategy

"A national strategy is certainly necessary to effectively deal with the many problems of computer security. While there are indeed well-conceived portions of the Strategy that will lead to procedural improvements in America's information security posture if implemented, the Strategy falls far short of what it was heralded as by the Administration, and were the subject of this article.

Today's release of the National Strategy To Secure Cyberspace is yet another Oval Office attempt to gain consensus in dealing with the many problems associated with effective information security in the United States. Unfortunately, in the areas most responsible for the dismal current state of information security, the Strategy fails to recognize and deal with them at all.

If the administration spent one-tenth the time or money on actual security implementation and education (thus leading to long-term solutions) that it does on convening boards of advisors, councils, town hall meetings, and issuing vaguely-worded, broadly-encompassed, slickly-packaged "feel good" reports like this one, there wouldn't be such a large computer security problem needing to be remedied in the first place."

A good writeup on Bush's Cybersecurity strategy by Richard Forno, former CISO of Network Solutions and the founder of the US House of Representatives computer security programs. I haven't plowed all the way through the draft yet, but so far I tend to agree with his points.

Good:

  • Several good practical steps for improving technical security in a variety of environments

Bad:

  • Industry influence is VERY obvious, and in many cases the Industry is the problem that needs to be solved
  • No real concrete strategy.  This isn't really a surprise, but I'd hoped that the draft would present some sort of 'next step' and a destination for securing our infrastructure.

Again, I'll have more to say once I have time to finish reading the draft.  Work is keeping me busy ;)

 


Info Security From Wozz