Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

Digital Security Stalled as Obama Eyes Afghanistan

As Obama focuses on Afghanistan, the cybersecurity plan he announced six months ago appears stuck in the mud. CSO Senior Editor Bill Brenner says the President must follow through on his promise to manage multiple crises at a time.

By , Senior Editor

December 01, 2009CSO

In May, President Obama unveiled an ambitious plan to protect the nation's cyber infrastructure that included as its centerpiece a new West Wing-based cybersecurity coordinator. Legitimate criticism abounded over parts of the plan, but there was still cause for optimism. At the very least, it seemed like Obama had a firm grasp of the threat at hand.

Also see Cybersecurity Announcement: Obama Moves in the Right Direction

Six months on, I'm not so sure anymore.

Tonight, the President will unveil his plans for Afghanistan in a speech at West Point after months of intense debate over how many more troops to send in to turn the tide against a resurgent Taliban. It's a matter of critical importance to be sure. The lives of our troops are on the line, and as a country we seem to have lost our way in the war against Al-Qaida.

But as Obama himself noted during the 2008 presidential race -- when John McCain suggested the campaign be suspended so the candidates could return to Washington to focus solely on the then-unfolding economic meltdown -- presidents have to be able to manage multiple crises at a time.

In the case of cybersecurity, Obama is failing to live up to his own words.

See also: 5 Must-Do Cybersecurity Steps for Obama

Six months on, we're still waiting for Obama to name the cybersecurity coordinator. In fact, we haven't heard him say much of anything since his initial speech in late May. In journalism, we call that failing to follow up.

Ira Winkler reminded me of what's at stake in his most recent column on CSOonline.com: I Was Wrong: There Probably Will Be an Electronic Pearl Harbor.

Winkler, long a critic of the Digital Pearl Harbor concept, said the emerging smart grid is forcing him to reconsider his earlier position:

"The researchers from IOActive demonstrated that smart grid boxes can be hacked and that they can spread worms. Not only that, the boxes themselves will be connected to every home and be available to anyone," Winkler wrote. "Anyone therefore has access to the smart grid. With tens of millions of the boxes planned to be distributed throughout the United States, potential attackers can easily get their hands on the systems to tear apart and find new vulnerabilities and attacks. More important, when there is a vulnerability found, how will it be mitigated?"

He concluded that a perfect storm is brewing where the skills and resources required to launch a significant attack is being drastically lowered. "Depending upon the effects of a possible worm on the smart grid boxes and the vulnerability of the generators," he wrote, "there can be a combined attack that does have strategic impact."

RESOURCE CENTER