The Macrosite for News, Analysis and Opinion about the Future of the Internet
Daniel Castro

Cybersecurity Challenge Calls for Multilevel Plan

Written by Daniel Castro
6/1/2009 6 comments
DISCUSS   Digg   Del.icio.us   Reddit   Email This   TWEET THIS

On Friday, May 29, the Obama administration announced the results of the 60-day review on cybersecurity conducted by Melissa Hathaway and laid out new priorities for cybersecurity.

Overall, the report delivers a solid overview of the current challenges and presents next steps for grappling with them. Key portions of this strategy include creating a "Cyber Czar" to oversee national cybersecurity initiatives; public-private partnerships to better share data and resources; efforts to create and retain a skilled cybersecurity work force; and plans to increase public awareness of cybersecurity threats and challenges.

The report's near-term action plan also includes updating the national strategy to secure cyberspace; developing a framework for additional research and development of security technology; and preparing a cybersecurity incident response plan.

The fact that the Obama administration is making this a priority speaks volumes about the growing need to secure our critical infrastructure. With two wars, a growing nuclear threat from North Korea, and a still-struggling economy, the President already has more than enough to keep him busy. But many important policy objectives of this administration rely on digital infrastructure -- from modernizing the healthcare system with electronic medical records to building a "smart" energy grid.

Government leadership is needed to make this happen. But responsibility for cybersecurity should not rest with any single government agency, as it has become an important component across all agencies. In particular, this responsibility should not be usurped by the defense agencies, because the threats are much broader than national security.

In addition, many cybersecurity activities need to remain unclassified for continued innovation and adoption on non-military systems. The Pentagon has already released new plans to build a cyber command center to conduct both offensive and defensive online computer warfare. A national cybersecurity strategy needs to be much broader than this and address the broader economic and consumer issues raised by these online threats.

For example, government needs to work with industry to develop secure systems for electronic medical records; but it needs to work even harder to get healthcare providers to start using those systems and make sure the systems are interoperable. Similarly, the electric grid should be secured from online attacks by foreign adversaries, but the more pressing priorities are to upgrade the transmission and distribution networks to increase their overall performance and reliability.

But the path forward will also require new thinking and new ideas. The past problems with cybersecurity were not simply a lack of sufficient government involvement. Nor will these problems be solved by merely shuffling around the government hierarchy.

Government agencies need to actively partner with the private sector to identify risks and mitigate threats as a necessary component of a national cybersecurity strategy. Private industry controls many of the networks, hardware, and software that make up our national digital infrastructure, and it will continue to be on the frontlines of any efforts to improve cybersecurity.

Government also needs to work with industry to facilitate better data sharing and develop better metrics for risk management. Likewise, citizen engagement and education will similarly be important; otherwise, the weakest link will be the American citizen. While attempts to hack into the electric grid are more likely to show up on the president's daily brief, consumers must contend daily with other cybersecurity threats, such as spam, malware attacks, phishing, and identity theft. Fortunately, the administration seems to recognize the limitations of the federal government working alone and has indicated that it will work closely with the private sector on many of these issues.

At the end of the day, the cybersecurity strategy outlined by the new administration will be just one part of a global effort to make digital infrastructure more secure. Just as global climate change cannot be solved by a single country, neither can one nation solve all of the cybersecurity challenges of this century.

Although it has the opportunity to become a global leader on the issue, the United States will be just one country among many working to address cybersecurity threats. But it does have an important role to play in encouraging innovation, setting standards, and building partnerships with other nations.

One more thing: Words matter, but so do actions. The administration has laid out a bold plan for cybersecurity -- now we will have to wait to see how well it can execute this vision.

— Daniel Castro is a Senior Analyst with the Information Technology and Innovation Foundation (ITIF)
DISCUSS   Digg   Del.icio.us   Reddit   Email This
Current display:       newest comments first       display in chronological order
lenrosen
Rank: Cave Painter
Wednesday June 3, 2009 7:43:47 PM
no ratings

The best outcome is the level of focus on issues related to the importance of the network and Internet infrastructure and the part it plays in the modern world. It's good to have a President who walks the walk in technology usage, and has a basic understanding of the complexities involved in creating what to so many users seems so transparently simple, such as a Google Search.

Mark Odiorne
Rank: Cyborg
Wednesday June 3, 2009 6:44:03 PM
no ratings

They don't need a czar to dictate from on high, they need a coordinator with a great project management staff. Someone who can speak multiple languages (government, business and 'real world') and "herd cats". Has to be respected by all sides and willing to speak the truth.

A guy can dream, can't he?

Mark Odiorne
Rank: Cyborg
Wednesday June 3, 2009 6:36:58 PM
no ratings

Smart people don't always make smart decisions, they make business decisions. Security is almost always an afterthought, bolted on at the end. Bruce Schneier said it very well when he said that there will always be a struggle between security and "getting the work done" because security often gets in the way of the real business of the organization - and the business side most often will win. Until the pain of poor security outweighs the benefits of ignoring it.

no ratings

I don't know if you read the speech the President gave but he began his remarks with a revelation that during the run up to the election hackers managed to penetrate his computer campaign systems, gaining access to emails, campaign files, policy postion papers and travel plans.

The President stated that the fundraising website was at no time compromised but to deal with the security breaches, the team had to call for assistancefrom the FBI, CIA, Secret Service and a number of private consultants to ensure the security of the system.

When you consider the brain power behind the Obama Campaign's web presence, I found this revelation to be disturbing. If that team couldn't anticipate security problems in their network design, what does that mean for the rest of us?

 

 

Terry Sweeney
IQ Crew
Tuesday June 2, 2009 1:16:23 PM
no ratings

A bevy of names are floating to the surface as potential nominess for the new cybersecurity position that Obama envisions, including:

  • Rear Admiral Robert C. “Willie” Williamson, USN (Ret) who's currently Director, Naval Integration and Transformation at Raytheon
  • Paul B. Kurtz, online and homeland security expert, and served in previous White House positions under both Clinton and Bush.
  • Roger Cressey, founder of Good Harbor Consulting and also a veteran of the Clinton and Bush administrations.
  • Richard A. Clarke, security gadlfy, author, battle-scarred White House staffer

    • And for those at home keeping score, the Department of Homeland Security also finally filled Rod Beckstrom's old job and appointed a few other DHS cybersecurity hands.

    Mary Jander
    Thinkernetter
    Tuesday June 2, 2009 10:12:15 AM
    no ratings

    I'm with the gang who've provided the most responses to our latest poll. I would like to think that the Washington bureaucracy could overcome its insularity and political biases long enough to make this work. On the other hand, they've spoiled other admirable projects and there's no reason to believe they won't dig in on this one.

    At least this move has spurred public attention to the urgency of cybersecurity.

    The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
    previous posts from Daniel Castro
    Daniel Castro
    Daniel Castro   5/26/2009   8 comments
    A recent article in The Washington Post has called into question the role of the private sector in setting standards for electronic health record (EHR) systems. Specifically, the article questions the appropriateness of allowing a group that originally pushed for stimulus funds to now have an oversight role in how those funds are spent.
    IETV: the thinkerNet on film
    5
    of
    2pm EST
    Tue
    Dec 1st
    an IBM information resource
    sponsored content
    big blue blog
    Todd Watson
    Todd Watson   11/20/2009   Post a comment
    While Google introduces its new Chrome OS (which I'm hearing will be widely available in one year?  Did I mishear that?), IBM announced 10 new products today to help companies using IBM System z mainframe technology.
    white papers & case studies
    an IBM information resource
    sponsored content
    Smarter Collaboration: How to Thrive in a Challenging Business Environment
    Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success.
    READ THIS eBOOK
    your weekly update of news, analysis, and
    opinion from Internet Evolution - FREE!
    REGISTER HERE
    Wanted! Site Moderators
    Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?

    Please email: moderators@internetevolution.com
    Copyright © 2009 United Business Media Limited - All rights reserved.      About Us  |  Privacy Policy and Terms of Use  |  Contact Us
    CMP Media LLC
    Internet Evolution – not for thickies
    To Cloud or Not to Cloud: IT Vendors Ponder the Question
    Gordon Haff
    Arms merchant or army? That's a fundamental question for vendors in the cloud computing space. Do they just sell their tooling to any and all comers, who then become the actual purveyors of hosted infrastructure, developer platforms, and software? Or do they offer their own cloud-based services, perhaps even keeping much of their technology in-house for competitive advantage?
    CLICK FOR MORE
    Groups Join Fight to Keep Big Brother Offline
    Don Reisinger
    Much has been made over the possibility of the U.S. government spying on Web users. There is a fear that through advanced technology, loopholes in federal regulations, and sheer gall, government officials will engage in acts that put the U.S. citizenry at risk. But whether or not the government is actually engaging in any activities online that puts its intentions into question is up for debate.
    CLICK FOR MORE
    Banks Cooperate for Better Risk Analytics
    Mary E. Shacklett
    With the value of toxic assets on the rise, large U.S. and European banks face many challenges on the road to recovery. Sharing key information may help these firms effectively track the way forward.
    CLICK FOR MORE
    How to Score, Not Bore, With Web Newsletter Graphics
    Dan Cypra
    A picture is worth a thousand words, or so the old saying goes. So understanding how to use images in e-newsletters effectively is quite important. Here are a few tips to ensure that your images in email newsletters work to your advantage.
    CLICK FOR MORE
    what.the.ferraro
    Facebook Lacks Social Skills
    11|20|09   |   1:53   |   1 comment

    Facebook's 'Suggestions' for users demonstrate how little social networking sites understand about true social relationships.
    Singer at C-Level
    Smart Grid Opportunities
    11|20|09   |   2:49   |   No comments

    Industry initiatives and government stimulus funds are giving enterprise software vendors a great opportunity to help build out and manage smart grid technologies.
    Tom Nolle
    Total Telephony Transcends Telepresence
    11|20|09   |   2:11   |   2 comments

    The problem with telepresence is that it's not universally accepted, because video calling isn't. While we can all do video calling, we also apparently worry too much about how we look. If we want HD telepresence in our future, we have to dress down, mess up our hair, and dive into our online life.
    what.the.ferraro
    ThinkerNet Wins Min's Award for Best Blogs!
    11|19|09   |   1:13   |   4 comments

    ThinkerNet wins the Min's award for 'Best Blogs' – Internet Evolution's fifth award this year!
    Full Nelson
    SanFran.gov
    11|19|09   |   8:51   |   No comments

    Fritz has an exclusive talk with the mayor and CTO of San Francisco about that city's latest e-government efforts.
    Robert D. Atkinson
    America Has Much to Learn About Digital Piracy
    11|18|09   |   2:09   |   No comments

    The US loses about $20 billion a year on pirated software, movies, and music. But public policy can help stem the tide of digital theft. For example, France has recently passed a 'three strikes and you’re out' law, whereby if after two warning letters an individual continues to download pirated software then his Internet access will be cut off. US policy makers should consider adopting similar policies.
    Singer at C-Level
    Connecting Stakeholders: Part 3
    Part 3 of 3   |       See complete series
    11|18|09   |   2:09   |   No comments

    Financial management planning does not need to include Voodoo economics, but it does help to tap into the knowledge base of your team through some sort of real-time system. We explore your options.
    Reiter's Block
    Tweeting for Customer Support
    11|18|09   |   2:20   |   No comments

    When Reiter gets incensed over incompetent Verizon FiOS order-taking and support, he broadcasts it via Twitter. Did it do any good? How should your company offer Twitter support? Watch this for all the answers.
    what.the.ferraro
    Dogster.com More Popular Than Gov 2.0
    11|17|09   |   2:05   |   1 comment

    A lot of attention is being paid to launching Gov 2.0 Websites, but these sites aren't attracting a lot of visitors.
    Reiter's Block
    Is the BlackBerry 9700 'Bold' Enough?
    11|17|09   |   3:07   |   4 comments

    The successor to the BlackBerry Bold 9000 – the Bold 9700 – will be available soon in the US. Is it worth upgrading? Reiter's got one, and offers advice.
    TechWeb The Global Leader In Technology Media