June 05, 2009

Obama's dreamy plan for cybersecurity

Pinch me: The White House's Cyberspace Policy Review is the best news yet for Internet security

I feel like a non-Ivy League version of Prof. Paul Krugman whenever I complain about the absence of a national plan for securing the Internet. I don't have the doctorate, but I have plenty of ideas that I want to share with the White House. And like Krugman, I often think the White House hasn't gone far enough or I resign myself to the fact that, without some terrible disaster to spur us into action, we'll never get the level of Internet security we need.

But this time I am impressed. If you haven't read Obama's Cyberspace Policy Review [pdf], then you probably don't know what I'm talking about. Regardless of your politics, this is easily the best mission statement on the subject I've ever seen. Kudos to the Office of the White House and all of the people involved in creating this document. I thought the U.S. government would never get it, but they do!

Plan of action
You don't have to read all 76 pages to get the picture. The Executive Summary and the Near-Term Action Plan at the beginning of the document are enough to tell you that this isn't your father's Internet security plan.

I'm so used to government failures (see CAN-SPAM Act or the multitude of Data Protection Act attempts) that I just assumed the government would never get on the right page until we came face to face with overwhelming cyber destruction. One-third of U.S. adults have had their credit card or online identity stolen. No one bats an eye when 1 million identities are stolen in a single online heist -- it isn't even news anymore. One-half of home PCs are infected by malware each year, and Web sites are compromised by the tens of thousands each night. Legitimate Web sites (e.g. www.foxnews.com) are often the ones (inadvertently) hosting the worst malware. Foreign hackers are infiltrating protected government networks like they are Swiss cheese, and the most popular social Web sites are hotbeds of malicious activity. Corporate espionage is almost a norm. Paris Hilton's smartphone is compromised seemingly every week, and the latest revealing photos struggle to find space on the already crowded pages of TMZ. How bad did it need to get before we tried something different?

Obama and his administration have responded, and I applaud them. The Cyberspace Policy Review is a great start.

Carl Street 5-Jun-09 11:26am
How anyone claiming rational thought can view the ghastly record of government "security" and entertain the idea that their assistance will somehow improve things makes me believe you are a prime candidate for the rubber home for the terminally bewildered. 5,000+ years of history shows that governments are NEVER the solution. Despite the religious fervor of the members of the institutionalist cult (government); the record is inescapable -- the cure is almost certainly going to be worse than the illness. Even the vaunted "successes" are almost invariably found generations (and billions) later to have been fabrications resulting from the ability of the bureaucracy to bury its failures and silence its critics. Those that can, do. Those that cannot, teach. Those that cannot even teach are employed by the government. The ONLY security any of us REALLY needs is to be secure from the mindless dictates and diktats of some bureaucracy populated with those that could not get a job in private industry! May God save us all from rose-colored-glasses whackos such as yourself!
chartguy 5-Jun-09 12:07pm
Carl Street is right. Government does not work, and this will only make things worse. Government created the problem. Companies that allow financial information to fall into the wrong hands should be held responsible for their actions (or lack of actions). Instead, government gave them cover, insulating them from their irresponsible conduct. If you make businesses liable for their mistakes, they'll figure out the best way to be secure. Until then, it's just a fancy way of letting them off the hook, just as PCI has turned out to be. It might as well be called CYA.
rcprimak 8-Jun-09 7:52am
Paul Venezia (Internet Bill of Rights -- May 18, 2009) and you, Roger (Fixing the Internet -- May 9, 2009) should both have seats at the table as the new Federal Internet Cybersecurity Policy is developed. Both of you have made some excellent points during the past few months. And both have faced withering criticism. Just the sorts of people we need on the Commission which may draft this new policy.

But don't quit your day job here at Infoworld.com -- we need your ongoing insights and advice.

MrPete 8-Jun-09 12:32pm
Roger, I'm curious what exactly is impressive to you about this plan? Do you agree with the report's assumption, that industry is incapable of developing game-changing technology, but somehow the government needs to do something new to accomplish this? Wow, I guess we poor tech people really do need insight from those geniuses in Washington. And do you agree with the blatant power grab, bringing control of the Internet to the White House? So you think they really "get it", that somehow the Internet requires a fully centralized Authority without congressional oversight? I guess data really is unique compared to, say, telecommunications, whose security has been handled by bodies with congressional oversight? (I'm NOT saying congress is perfect of course... but what makes the Executive branch a better fit?) To me, this report looks like a lot of blather covering for a blatant political attempt to grab power and glory. To me, it looks like politics as usual. The same thing we've seen for the last six months. And that's just an order of magnitude increase of what we've seen on the increase for many years.
Brendan 23-Jun-09 5:47am
Carl, you're missing the bigger picture. The private sector has failed up to now, period. That is exactly why the government is stepping in. Also, the government in general and the Executive Branch specifically bring the military, law enforcement and intelligence agencies into the equation. Considering that the Chinese government is experimenting with taking down our infrastructure and foreign organized crime gangs are working very hard to steal our identities, it is going to take a coordinated, comprehensive approach to combat these threats. Roger, my question to you is what effect will these initiatives have on people like the Iranian protestors and Chinese dissidents who must dodge their governments in order to obtain uncensored information and get their views expressed anonymously?

©1994-2010 Infoworld, Inc.