President Barack Obama said Friday he plans to name a White House cybersecurity czar, following the release of a 60-day review detailing plans to strengthen the nation's digital infrastructure.
"I'm creating a new office here at the White House that will be led by the cybersecurity coordinator," Obama said Friday during a White House press conference, Reuters reported. "Because of the critical importance of this work, I will personally select this official. This official will have my full support and regular access to me as we confront these challenges."
In the press conference, Obama outlined security threats to the nation's cyber infrastructure and said the appointed official would coordinate and oversee implementation of cybersecurity policies and synchronization of the U.S. response in order to reduce the risk of a major attack on its digital networks.
In February, Obama directed the National Security Council and Homeland Security Council to conduct a 60-day review, headed by Melissa Hathaway, examining the nation's digital systems with the aim of developing a framework to integrate and secure U.S. critical infrastructure against security threats and cyber espionage.
Hathaway maintained that the cybersecurity review was a launching point that would subsequently spur legislation and initiatives designed to shore up security holes in the nation's cyber infrastructure.
"The globally interconnected digital information and communications infrastructure known as cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security," Hathaway said in a government blog post Friday. "For all of these reasons, we need a safe Internet with a strong network infrastructure and we as a nation need to take prompt action to protect cyberspace for what we use it for today and will need in the future."
Altogether, the resulting cybersecurity report offers a comprehensive action plan that calls for the creation of educational opportunities and opening up of a national dialogue about cybersecurity, expanding partnerships between the federal government and private sectors, creating an effective incident response plan and providing a framework that fosters technological innovation.
During his speech, Obama referred to the fact that he was also the victim of a hacking incident, citing last year's hack on his BlackBerry, and noted that hackers got a hold of e-mails and campaign files during the 2008 presidential election.
"Cyberspace is real and so are the risks that come with it," Obama said in his speech.
Meanwhile, Obama emphasized the importance of privacy, and reinforced that the federal government would not enhance the nation's digital infrastructure in order to monitor private sector networks or individuals' personal Web traffic.
"Our pursuit of cybersecurity, I will not -- I repeat, will not -- include monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans," he said. "Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be -- open and free."
Instead, Obama said that the U.S. government would build on existing partnerships and create new alliances with the private sector and further invest in research and development to help strengthen the nation's cyber infrastructure.
Industry experts hail the cybersecurity review as an important first step that will bring security issues into the forefront of public awareness and help develop comprehensive legislation and policies that will ultimately protect critical cyber infrastructure.
"[President Obama] is effectively saying this is a national priority for the White House. It's critical to our long-term safety. The White House and the president are watching," said John Stewart, Cisco Systems' chief security officer. "If he's watching, then you're working on it."
Stewart said that the resulting awareness could likely result in the allocation of more research and development dollars to the security industry and more government-backed security projects for the public sector.
"There are a bunch of examples in which the investment often starts in academia then morphs into the commercial sector," Stewart said. "The whole nature of research is to have some amount of failure where you're not having to worry about profit."
However, security experts maintain that the government needs to take a more proactive role in spurring innovation in order to successfully enhance the nation's cybersecurity infrastructure.
Chris Schwartzbauer, senior vice president of Shavlik Technologies, said that one of the most important areas where the review fell short was ensuring efficient, streamlined processes that would bring new and innovative technologies to market more quickly in the public sector.
"It's not easy to come up with a great technology for addressing a threat, or configuring a system, and then to get that system into Homeland Security or DOD. It's got to go through a lot of steps," Schwartzbauer said. "What that means is, the government is taking so long to procure it that the bad guys are ahead of them. There are no barriers for the bad guys to use the latest and greatest.
"We need to look at a way to rapidly outfit our infrastructure with the best technology and streamline it to defend against these threats," he said.
Meanwhile, Paul Kocher, president and chief scientist of San Francisco-based Cryptography Research, said that the federal government would have to impose tougher mandates on industry vendors to integrate security at the beginning of the development process as well as require adequate product testing before going to market.
"We need to come up with approaches that improve the quality of the code and actually get to the point where the attackers are unable to get the data they want," Kocher said. "Will the government start imposing tougher requirements on vendors who want to sell computer systems to the government? That's where you'd start to focus to start having an effect."
But imposing stringent regulations on vendors wasn't likely, Kocher said, especially in light of a "first-to-market" paradigm. "Are they slowing down a product launch to get that extra testing done? Right now, if you're a software developer, you make the most money by shipping the product as soon as it's functional."
Kocher added that the U.S. was far behind its European and Asian counterparts in imposing mandates on industry vendors, adequately funding research and making effective use of the dollars spent.
"There's absolutely no sign of that happening right now," Kocher said. "We're losing ground and losing ground rapidly. We have a lot of challenges and I'm not sure that Washington can come up with sufficient standards and policies to make a difference."
