This is taken from eweek magazine. I'm giving you the first section of the article, plus a link to it in it's entireity. I must confess, I tend to find this a bit disturbing and am interested in seeing if my feelings on this matter are shared.....

Bush to Call for Fed NOC
By Caron Carlson and Dennis Fisher

The Bush administration has plans to create a centralized facility for collecting and examining security-related e-mail and data traffic and will push private network operators to expand their data-gathering initiatives, according to an unreleased draft of the plan.

The proposed cyber-security Network Operations Center is included in a draft of the National Strategy to Secure Cyberspace, which was developed by the President's Critical Infrastructure Protection Board and is due for release Sept. 18.

The call for expanded data collection and analysis results from administration concerns that efforts to secure cyberspace are hampered by the lack of a single data-collection point to detect cyber-security incidents and issue warnings, according to a draft of the plan, which was obtained by eWeek.

Critics, however, worry that such a system would be expensive, difficult to manage and allow government agencies to expand their surveillance powers.

Other recommendations include requiring corporations to disclose their IT security practices, establishing a test bed for multivendor patches, creating a certification program for security personnel and mandating certifications for all federal IT purchases. (See chart for other proposals.)

According to the draft, the government's "forward-looking analysis" capabilities are considered sparse because of a shortage of information. The proposed center would improve capabilities for predicting cyber-security incidents as well as responding to hacker or terrorist threats.

Howard Schmidt, vice chairman of the CIPB, said the center would consolidate threat data from the country's collection end points, such as the FBI's National Infrastructure Protection Center, the Critical Infrastructure Assurance Office, the Department of Energy and commercial networks.

Private companies would also be encouraged to increase the amount of data collected and share it with the government. "Major companies generally report this information internally," Schmidt told eWeek. "We're looking for that to come back to a central location."

According to the draft strategy, the public/private initiative would involve the major ISPs, hardware and software vendors, and IT security companies, in addition to law enforcement agencies.

Some said they believe the government's interdepartmental rivalries and information-sharing rules will hamstring any attempt at centralized collection and analysis. "There are such high barriers in government to being able to disseminate information and react to threats, I don't think it will have much impact," said William Harrod, director of investigative response at TruSecure Corp., in Herndon, Va., and a former FBI computer forensics specialist. "They'll have different information coming in from different analysts, and they'll have to weed through it."


To view the entire article visit http://www.eweek.com/article2/0,3959,484669,00.asp


Does this trouble anyone else besides me?