Soon after he took office, President Obama asked for a wide review of the federal IT security landscape. The review’s purpose: to assess what laws and regulations exist, how effective they are, what needs to be changed and how government can work with corporations to protect the country and share technology ideas.
The review, released in May, found 250 points to address in areas ranging from simply educating the public about cybersecurity to the more-complex and politically contentious issues of building a secure identity management system and devising a “cyber incident response” policy similar to how the White House monitors terrorist attacks and natural disasters. At a press conference to release the review, Obama defined the digital infrastructure as a “strategic national asset,” the defense of which should be a national priority.
To read more, see Moving Target and System Security: 5 Ways to Improve Your Defenses Against Attack.
A privacy and civil liberties official should be added to the National Security Council, the review also advised. And to promote U.S. use of “game-changing technologies,” more shared government-private sector research and development should be done.
The review didn’t bowl over many security experts who have been calling for similar changes for years. Indeed, the Center for Strategic and International Studies released a report in December saying much the same thing, done by fewer people in less time. The big news was Obama’s creation of the position of Cybersecurity Coordinator, reporting to him and belonging to both the national security staff as well as the National Economic Council.
It’s the cross-agency reach and Obama’s pledge to work closely with the private sector that will make the “cybersecurity czar” (who had not been named at press time) successful, says Eugene Schultz, CTO of consultancy Emagined Security. “Odds are higher that we will have sane management of this.”
Do you Tweet? Follow me on twitter @knash99. Follow everything from CIO Magazine @CIOMagazine.