Two days into his administration, U.S. President Barack Obama issued a statement outlining his homeland security policy, including the creation of a top advisor in the White House to set cybersecurity policy.
In the homeland security document, published on Thursday, the administration pledged to create a top cybersecurity position, harden the nation's infrastructure, fund research and development of secure computing technologies, and work with the private sector to set standards from cybersecurity. The document also promised that the administration will work with industry to develop better defenses against cyber espionage, shut down the mechanisms through which online criminals profit from their crimes, and mandate better privacy and breach disclosures.
The Obama administration will "declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy," the document stated.
Much of the strategy mirrors the recommendations sent to the administration by a group of industry, government and academic experts in cybersecurity. The 94-page report on those recommendations, penned by the Commission on Cybersecurity for the 44th Presidency, stressed that the current U.S. administration needs to treat incursions into the nation's networks as a serious problem, akin to nuclear non-proliferation and combatting terrorism. Indeed, the homeland security document puts cybersecurity as the fourth priority for the administration's security strategy, behind fighting terrorism, limiting the spread of nuclear weapon and preventing bio-weapon attacks and epidemics.
Only late in the previous administration, under former President George W. Bush, did the government make progress in establishing better security for government systems. Years of poor grades under the Federal Information Security Management Act (FISMA) did little to improve information-technology security within federal agencies. Not until major attacks on government networks resulted in congressional hearings did the administration take point on efforts to lock down computers. In 2007, the Bush Administration launched the Federal Desktop Core Configuration program and the Trusted Internet Connection initiative, and last year, President Bush signed the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 creating the Comprehensive National Cybersecurity Initiative (CNCI).
With the push for better cybersecurity, President Obama made good on campaign promises made last summer.
"As President, I'll make cyber security the top priority that it should be in the 21st century," he told people in West Lafayette, Ind., according to a transcript. "I'll declare our cyber-infrastructure a strategic asset, and appoint a National Cyber Advisor who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information — from the networks that power the federal government, to the networks that you use in your personal lives."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos