The plan, called the National Strategy to Secure Cyberspace, identifies banking and finance, insurance, chemicals, oil and gas, electricity, law enforcement, higher education, transportation, information technology, telecommunications and water as the main areas that are critical to the "security and well-being" of the US.
The major goals laid out by the strategy document are to prevent cyber attacks against these infrastructures, to reduce national vulnerability to such attacks and to minimise damage and recovery time if cyber attacks do occur, by creating effective contingency plans.
In contrast with earlier versions, the final document does not mandate that the private sector adopt specific security measures, but calls for the government to lead by example by boosting the security of federal systems, and co-operate with private organisations towards the creation of an effective emergency response system to cyber attacks.
Nevertheless, the document recognises that the private sector "is best equipped and structured to respond to an evolving cyber threat", and urges businesses and individual users to adopt protective measures such as installing internet firewalls and anti-virus software.
The document also provides that the Secretary of the recently created Department of Homeland Security (DHS) will co-ordinate the efforts, and will be responsible for, among other things, planning, crisis management and providing technical assistance to the private sector.
Finally, the plan recommends the creation of a "national awareness programme" to educate businesses and the general workforce on securing "their own parts of cyber space."
The release of the final draft of the cyber security plan was delayed many times, and several proposals were dropped in earlier stages, following intense lobbying from industry.
The final National Strategy to Secure Cyberspace document is available at:
www.whitehouse.gov/pcipb/
