Cybersecurity Announcement: Obama Moves in the Right Direction
There will be a lot of legitimate critiquing of President Obama's cybersecurity plan. But CSO Senior Editor Bill Brenner believes he deserves credit for moving the issue higher up the nation's priority list.
By Bill Brenner , Senior Editor
May 29, 2009 — CSO —
As I write this, the security community is buzzing with speculation over who President Obama will choose as his new, White House-based cybersecurity czar. My e-mail inbox is brimming with requests from PR folk who want me to interview their security vendor clients about the big announcement.
The PR push makes me wonder what the calls would be about. Perhaps their vendors have shiny new products to meet any company's cybersecurity-czar challenges? Maybe the product will automate the Administration's cybersecurity machinery in the event the new cyber czar quits in frustration after a few weeks or months. [See: Federal Cybersecurity Director Quits, Complains of NSA Role]
The thing is, for those of us who focus on Internet security for a living, nothing Obama says today will be new.
From the beginning Obama has floated the concept of putting cybersecurity more directly in White House hands. We all want to know who will get the position, but as of this writing the White House is saying candidates are still under consideration and no announcement to that effect will be coming today.
As for the 60-day review Obama ordered shortly after taking office, Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils, ran through some of the high points at last month's RSA security conference [Why the Top U.S. Cyber Official is Losing Sleep]. We're supposed to get a deeper look at the details today, but I doubt we will hear anything we didn't already know.
We already know, as Hathaway put it last month, that "despite all of our efforts, our global digital infrastructure, based largely upon the Internet, is neither secure enough nor resilient enough for what we use it for today and will need in to the future" and that "this poses one of the most serious economic and national security challenges of the 21st century."
We already know that critical infrastructure, including the power grid and water supply system, is under threat from those who would hijack the IT machinery used to run it all. Industrial control systems, including SCADA (supervisory control and data acquisition) systems, have been in the crosshairs for years. Go back to 2003 for the example of the Slammer worm infesting systems at Ohio's Davis-Besse nuclear power plant. [Why SCADA Security Must Be Addressed]
And security experts have repeated time and again that a key to making things better is user education/awareness.
But the wider public isn't anywhere near as aware as it should be. For that reason, the activity coming from the White House today is cause for hope.