Obama Outlines Serious New Cybersecurity Strategies
President Obama has outlined plans for tougher cybersecurity policies, including a new office of cybersecurity to coordinate efforts. Running the show will be a cybersecurity czar tasked with nothing less than protecting the country from serious cyberattack -- or responding if one should occur.
May 29, 2009 2:17 PM PT
President Barack Obama held a press conference on Friday to announce the creation of a new White House office of cybersecurity, helmed by a chief who will report to the National Security Council and the National Economic Council.
That person has not yet been named, but speculation is rampant that it will be Melissa Hathaway, who led a recent two-month review on cybersecurity issues.
The new cybersecurity czar will integrate and coordinate all cybersecurity policies for the government -- a job description that includes making sure that government agencies have devoted enough of their budgets to mount a coordinated response to a major attack.
Obama also unveiled a 76-page cyberspace action plan. Noting that his own campaign was hacked last year, the president said that cyberthreats are one of the most serious economic and national security challenges facing the U.S. right now.
The chief executive's attention to the issue is likely to give cybersecurity, in general, a significant boost.
"This is the first time there has been a national focus on both economic security and privacy, and both of these concerns should be at the top of our national agenda," Abe Kleinfeld, CEO of nCircle, told TechNewsWorld.
"Obama's initiative heralds the maturity of the information age, in which the public and private sectors rely on online channels for routine business and personal activities," Paul Davie, founder and COO of Secerno, told TechNewsWorld. "Cybersecurity is the next obvious step, and it is sadly one that is often an afterthought."
The report also introduces a number of new cybersecurity concepts -- for example, a legal standard of care. Such a standard would give organizations a clear sense of what is expected of them at the commercial level, Philip Lieberman, president and CEO of Lieberman Software, told TechNewsWorld.
"Right now, most firms don't know what is expected of them," he said.
It's unlikely the administration's initiatives will bring about a cybersecurity transformation in the near term, however.
"This report won't change how the private sector goes to work on Monday morning," remarked nCircle's Kleinfeld. "It is a good report that covers all the right near- and mid-range actions, but it doesn't include any specific direction for the more difficult implementation questions."
It also doesn't address the underlying tension between privacy and economic security -- or offer recommendations on how to begin easing this tension, he added.
"The call for public private partnerships is right on target, but any kind of security cooperation on this scale has yet to be achieved," concluded Kleinfeld.
Indeed, introducing any new office in the presidential ecosystem will require a runway, of sorts. "The new cyberczar could have a huge impact on the commercial sector and the average person on the street," Digital Defense Chief Compliance Officer Tom DeSot told TechNewsWorld.
With the position reporting to both the National Security Council and the National Economic Council, there should be a balance held between the government's priorities and the needs of companies and consumers, he said -- namely protection and community education on the government's part, and regulatory concerns and privacy in the private sector.
"Though the president indicates in his speech, '... I repeat, will not include -- monitoring private sector networks or Internet traffic,' as well as 'I remain firmly committed to net neutrality ... ,' if there is an attack upon our national infrastructure, can those statements hold?" DeSot wondered.
"There are already those within the privacy advocacy and legal communities who are concerned that the new cyber-czar role will provide the government carte blanche to do what is necessary to protect the U.S. computing infrastructure, including rolling back the very statements made in the President's speech," he continued.
"Further, commercial businesses worry that the new role will lead to new or more restrictive information security legislation, placing new pressure on budgets that are strained already in the current economy," said DeSot.