Safeguarding US computer networks against terrorist attack has been a concern ever since 9/11. But should government force more secure networks and fail-safe software? Or should it just urge better security on the community of computer users and suppliers?
The Bush administration has come down in the latter camp laying out ways to fight cyberattacks, but making the adoption of them voluntary.
The computer industry was consulted in drawing up the Bush plan. Companies were known to oppose mandatory steps, such as requiring Internet service providers to build firewall software into their products to protect against intrusions.
Instead, the plan encourages businesses and individual users to use such software. It also sets standards for more secure computer use, supports training programs for cybersecurity specialists, and directs federal spending toward products with strong security features.
Federal mandates may well have been overkill. But the plan comes in a war context, and it could use some toughening. Tax incentives to encourage the production and purchase of less vulnerable equipment is a possibility. As is a deadline for strengthening networks against possible attacks.
The plan now enters a 60-day comment period before a final draft. So there's opportunity to beef it up.