Experts: Obama cybersecurity plan short on details

New cybersecurity coordinator also will have limited power and split priorities

| Print | 2 comments|

25 Recommendations

U.S. President Barack Obama's new cybersecurity report is short on details and creates a federal coordinator position that may have limited power, some cybersecurity experts said Monday.

The new cybersecurity coordinator will report both to the U.S. National Security Council and the National Economic Council, raising concerns that whoever Obama names will have split priorities, said Stewart Baker, a partner in the Steptoe & Johnson law firm and a former assistant director for policy in the U.S. Department of Homeland Security.

[ InfoWorld's Bill Snyder advises readers to watch out for the feds' proposed cybersecurity 'fix.' | A report released late last year offered Obama some far-reaching cybersecurity recommendations. | Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: First Look newsletter and InfoWorld Daily podcast. ]

"That is not an indication that this office will be given large amounts of authority," said Baker, who served at DHS during former President George Bush's administration.

While many initial reactions to the release of the Obama administration report (pdf) were positive, speakers at a Congressional Internet Caucus event Monday raised some concerns, particularly that the report is short on details.

The report, released Friday, calls for the U.S. government to develop a national cybersecurity strategy in addition to the appointment of a federal cybersecurity coordinator. Obama also said cybersecurity would become a key management priority at the White House, and the report recommends a new cybersecurity incident response plan that involves both the U.S. government and the private sector.

Several panelists praised Obama for focusing presidential attention on a growing cybersecurity problem. "I practically wept with joy when the president said that cybersecurity would be a strategic national asset," said James Lewis, senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, a Washington, D.C., think tank.

While the goals in the report are worthwhile, it took the Obama administration longer than promised to deliver it, he said. While the report and accompanying Obama speech were "really strong," the Obama administration will have to develop metrics to measure cybersecurity success and will have to prove it's doing more than Bush's administration did, Lewis said.

Lewis and other panelists pointed out that this is the fourth major presidential announcement on cybersecurity in the past dozen years, with former plans meeting limited success. Bush's national cybersecurity plan, released in 2003, received attention for about six months, and "then it sat on a shelf," said Marcus Sachs, executive director of government affairs for national security policy at Verizon. "It was no longer a priority."

Still, Sachs and Robert Holleyman, president and CEO of the Business Software Alliance, praised Obama for moving the cybersecurity debate forward. "The nature of the threat is growing so substantially that it was important to undertake this review," Holleyman said.

The Obama plan seems headed in the right direction, added Gregory Nojeim, senior counsel at the Center for Democracy and Technology. Friday's report stresses that cybersecurity must not infringe on U.S. residents' privacy, and it recommends the cybersecurity coordinator's office includes a chief privacy officer.

"They seem to be interested in having privacy baked into the solution," Nojeim.

Baker and other panelists said the new coordinator's position will be difficult as the coordinator will have to rein in cybersecurity efforts at multiple agencies and work with the private sector as well. With such a wide area of responsibility, the first coordinator could easily fail, Baker said.

But with growing reports of sophisticated cybersecurity breaches, the U.S. government needs to take action, Baker added. "This could not be more urgent," he said. "We have to do something, and we have to do it very quickly."

Tags: Government use of IT, regulation, security, cyber security

| Print | 2 comments|

25 Recommendations

Sign up for InfoWorld's Today's Headlines: First Look newsletter.

White Paper

Virtual Workforce: The Key to Expanding The Business While Cutting Costs

Get the independent advice and expertise you need to support a virtual workforce.

Go inside:

The three-step approach to making a virtual workforce a reality.

The four flavors of client virtualization technologies.

The three key initiatives that solve IT challenges.

Download now »

White Paper

Addressing Linux Threats Leveraging Fewer Resources

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now »

White Paper

The 2009 Handbook of Application Delivery

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.

Download now »

White Paper

Mid-range Storage Considerations

A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »