In the United States government, the National Strategy to Secure Cyberspace, is a component of the larger National Strategy for Homeland Security. The National Strategy to Secure Cyberspace was drafted by the Department of Homeland Security in reaction to the September 11, 2001 terrorist attacks. Released on February 14, 2003, it offers suggestions, not mandates, to business, academic, and individual users of cyberspace to secure computer systems and networks. It was prepared after a year of research by businesses, universities, and government, and after five months of public comment. The plan advises a number of security practices as well as promotion of cyber security education.
The National Strategy to Secure Cyberspace identifies three strategic objectives: (1) Prevent cyber attacks against America's critical infrastructures; (2) Reduce national vulnerability to cyber attacks; and (3) Minimize damage and recovery time from cyber attacks that do occur. To meet these objectives, the National Strategy outlines five national priorities: The first priority, the creation of a National Cyberspace Security Response System, focuses on improving the government's response to cyberspace security incidents and reducing the potential damage from such events. The second, third, and fourth priorities (the development of a National Cyberspace Security Threat and Vulnerability Reduction Program, the creation of a National Cyberspace Security Awareness and Training Program, the necessity of Securing Governments' Cyberspace) aim to reduce threats from, and vulnerabilities to, cyber attacks. The fifth priority, the establishment of a system of National Security and International Cyberspace Security Cooperation, intends to prevent cyber attacks that could impact national security assets and to improve the international management of and response to such attacks.
Ultimately, the National Strategy encourages companies to regularly review their technology security plans, and individuals who use the Internet to add firewalls and anti-virus software to their systems. It calls for a single federal center to help detect, monitor and analyze attacks, and for expanded cyber security research and improved government-industry cooperation.
Strategies formulated in cybersecurity discourse should be responsive and multi-pronged.[2] The former focuses on flexible plans of actions that are developed and adapted in response to the changes and dynamics existing in the socio-technical systems. The latter focuses on the strategies that are developed by thoughtfully considering the interconnected elements, methods, and actors in these systems from several points of view or directions.