5 Must-Do Cyber Security Steps for Obama
As President-Elect Obama focuses on two wars and a hemorrhaging economy, security experts are urging him to address five weak security links in America's cyber infrastructure that threaten the nation's defenses and financial institutions
By Bill Brenner, Senior Editor
Security industry veteran Richard Stiennon made the point in a letter to Obama that ran in Network World, a sister publication of CSOonline.
The first of his 10 suggestions is to issue an executive order establishing responsibility for cyber security with "real negative repercussions for those who fail to prevent breaches." For civilians this means being fired; for the military this means court-martial, demotion, and expulsion for serious security breaches, Stiennon wrote.
"Do not allow the blame to be foisted off on contractors. The only way that security gets implemented is if someone's job is on the line," he continued. "This goes all the way to the top, of course. Whoever you appoint to replace the current assistant secretary for cyber security and communications must understand that security breaches imply failure and those responsible will be replaced."
THE OFFICIAL OBAMA PLAN
The following is a list of the incoming Obama Administration's cyber security goals, taken from Change.gov, the official site of the President-Elect. Does it reflect some of the suggestions listed above? We welcome feedback in the comments section of this article.
- Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.
- Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.
- Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
- Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.
- Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.
- Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.



