While we have come a considerable distance in our journey to better understand the nature of this problem, many of us have been frustrated by the lack of a supportive environment for progress. Although we can continue to make progress, even on the rocky path we are currently forced to travel, progress in the six areas identified in the graphic will greatly smooth out our path and accelerate our progress.
First, one of the key prerequisites for progress is to create awareness of the problem and its complexities, as well as to foster a climate that will facilitate discussion and cooperation among the many groups and organizations that need to be a part of this effort. Given recent events surrounding some aspects of information security, we need to start by rebuilding bridges between some public and private sector groups and organizations.
Second, it is important that we work toward a well-defined vision that clearly lays out what we are trying to achieve and the appropriate role of the Government.
Third, the "rules of the game" need to be developed and promulgated. Many of our current laws and regulations have not caught up with the realities of the Information Age. A set of rules needs to address the establishment of information security standards, or a minimum level of defense to be associated with different kinds of data and information services. These would be similar to the recent development of privacy standards.
Fourth, self-interest, even enlightened self-interest and the desire of individuals and organizations to be good citizens, are not enough to ensure that appropriate actions and defenses will be developed and employed. Resources need to be provided for government organizations to help implement this framework for progress and to develop and implement the needed defenses. We also need to provide incentives that encourage public sector organizations to do what is collectively needed. In some specific cases, the Government will need to actually provide funds to private sector organizations to implement enhanced security.
Fifth, the solution to this problem depends on a great deal of cooperation among disparate groups and organizations. Mechanisms to facilitate and enhance cooperation (including the establishment of panels, groups, and clearinghouses) need to be developed.
Sixth, we need to fix responsibility for the many tasks involved in IW-D. We need to decide questions of jurisdiction. We need to make liabilities known and well defined. Finally, we need to clearly establish the responsibility of each organization. The nature of organizational responsibilities is discussed in more detail below.
None of these six aspects of the framework for progress is likely to be accomplished anytime soon. One only need review the legislative process and experiences with the translation of privacy concerns into a set of rules of the game to realize that it will be quite a while before each of these foundational pillars is in place. However, we must begin now to foster discussion of these issues and try to keep attention focused on this subject.