, SecurityFocus 2008-12-08
A group of technology and government experts called on Monday for the next U.S. administration to create a National Office for Cyberspace and focus more heavily on securing corporate and federal networks, or face continuing economic losses due to online espionage.
In a 94-page report released on Monday, the Commission on Cybersecurity for the 44th Presidency stressed that the next U.S. administration — currently being formed by President-elect Barack Obama — must treat incursions into the nation's networks as a serious problem, akin to nuclear non-proliferation and combatting terrorism.
"America's failure to protect cyberspace is one of the most urgent national security priorities facing the new administration," the commission stated in the report. "Weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors. In the new global competition, where economic strength and technological leadership are as important to national power as military force, failing to secure cyberspace puts us at a disadvantage."
The report is the culmination of a 14-month effort, organized by the Center for Strategic and International Studies, to help the next president of the United States create a more effective cyberspace policy. The task force formed amongst increasing worries that state-sponsored spies and online intruders were breaching sensitive government and industry computer systems, stealing valuable information.
For the past two years, congressional committees have taken an increasing interest in federal agencies' failure to protect themselves against online attacks. The Department of State acknowledged in June 2006 that attackers had installed remote access software on systems in the agency and abroad, stolen passwords and targeted information on China and North Korea. In October 2006, the Department of Commerce took hundreds of computers offline following a series of attacks aimed at federal employees' computer accounts by online thieves that appear to be based in China. Last month, Newsweek reported that computers at both the Obama campaign and the McCain campaign had been breached during the summer by what U.S. officials stated were foreign attackers.
While many policy makers and security experts worried about terrorist-sponsored cyberattacks following September 11, the most damaging intrusions have been those that have led to the loss of intellectual property, the report stated. The loss from such attacks is hard to gauge, said James Lewis, a senior fellow with the Center for Strategic and International Studies, who worked on the commission report. One government agency who fights such attacks estimated losses in the billions of dollars, he said.
"A lot of spending in the coming administration will be on innovation in the U.S.," Lewis said. "But it doesn't do us any good, if our competitors can download that information for free."
Cybersecurity has not been a major priority for past administrations. In 1998, President Clinton signed Presidential Decision Directive No. 63, which required agencies to take steps to protect eight critical infrastructures. In 2000, the Clinton Administration unveiled its National Plan to Protect Critical Infrastructure, but failed to fund critical programs to push federal agencies to secure their systems. While many of those agencies have slowly improved their security compliance scores under the Federal Information System Management Act (FISMA) of 2002, the Bush Administration has also largely failed to create strong recommendations or requirements to improve cybersecurity.