June 05, 2009

Obama's dreamy plan for cybersecurity

Pinch me: The White House's Cyberspace Policy Review is the best news yet for Internet security

I feel like a non-Ivy League version of Prof. Paul Krugman whenever I complain about the absence of a national plan for securing the Internet. I don't have the doctorate, but I have plenty of ideas that I want to share with the White House. And like Krugman, I often think the White House hasn't gone far enough or I resign myself to the fact that, without some terrible disaster to spur us into action, we'll never get the level of Internet security we need.

But this time I am impressed. If you haven't read Obama's Cyberspace Policy Review [pdf], then you probably don't know what I'm talking about. Regardless of your politics, this is easily the best mission statement on the subject I've ever seen. Kudos to the Office of the White House and all of the people involved in creating this document. I thought the U.S. government would never get it, but they do!

Plan of action
You don't have to read all 76 pages to get the picture. The Executive Summary and the Near-Term Action Plan at the beginning of the document are enough to tell you that this isn't your father's Internet security plan.

I'm so used to government failures (see CAN-SPAM Act or the multitude of Data Protection Act attempts) that I just assumed the government would never get on the right page until we came face to face with overwhelming cyber destruction. One-third of U.S. adults have had their credit card or online identity stolen. No one bats an eye when 1 million identities are stolen in a single online heist -- it isn't even news anymore. One-half of home PCs are infected by malware each year, and Web sites are compromised by the tens of thousands each night. Legitimate Web sites (e.g. www.foxnews.com) are often the ones (inadvertently) hosting the worst malware. Foreign hackers are infiltrating protected government networks like they are Swiss cheese, and the most popular social Web sites are hotbeds of malicious activity. Corporate espionage is almost a norm. Paris Hilton's smartphone is compromised seemingly every week, and the latest revealing photos struggle to find space on the already crowded pages of TMZ. How bad did it need to get before we tried something different?

Obama and his administration have responded, and I applaud them. The Cyberspace Policy Review is a great start.

Carl Street 5-Jun-09 11:26am
How anyone claiming rational thought can view the ghastly record of government "security" and entertain the idea that their assistance will somehow improve things makes me believe you are a prime candidate for the rubber home for the terminally bewildered. 5,000+ years of history shows that governments are NEVER the solution. Despite the religious fervor of the members of the institutionalist cult (government), the record is inescapable -- the cure is almost certainly going to be worse than the illness. Even the vaunted "successes" are almost invariably found generations (and billions) later to have been fabrications resulting from the ability of the bureaucracy to bury its failures and silence its critics. Those that can, do. Those that cannot, teach. Those that cannot even teach are employed by the government. The ONLY security any of us REALLY needs is to be secure from the mindless dictates and diktats of some bureaucracy populated with those that could not get a job in private industry! May God save us all from rose colored glasses whackos such as yourself!
chartguy 5-Jun-09 12:07pm
Carl Street is right. Government does not work, and this will only make things worse. Government created the problem. Companies that allow financial information to fall into the wrong hands should be held responsible for their actions (or lack of actions). Instead, government gave them cover, insulating them from their irresponsible conduct. If you make businesses liable for their mistakes, they'll figure out the best way to be secure. Until then, it's just a fancy way of letting them off the hook, just as PCI has turned out to be. It might as well be called CYA.
rcprimak 8-Jun-09 7:52am
Paul Venezia (Internet Bill of Rights -- May 18, 2009) and you, Roger (Fixing the Internet -- May 9, 2009) should both have seats at the table as the new Federal Internet Cybersecurity Policy is developed. Both of you have made some excellent points during the past few months. And both have faced withering criticism. Just the sorts of people we need on the Commission which may draft this new policy.

But don't quit your day job here at Infoworld.com -- we need your ongoing insights and advice.

MrPete 8-Jun-09 12:32pm
Roger, I'm curious what exactly is impressive to you about this plan? Do you agree with the report's assumption, that industry is incapable of developing game-changing technology, but somehow the government needs to do something new to accomplish this? Wow, I guess we poor tech people really do need insight from those geniuses in Washington. And do you agree with the blatant power grab, bringing control of the Internet to the White House? So you think they really "get it", that somehow the Internet requires a fully centralized Authority without congressional oversight? I guess data really is unique compared to, say, telecommunications, whose security has been handled by bodies with congressional oversight? (I'm NOT saying congress is perfect of course... but what makes the Executive branch a better fit?) To me, this report looks like a lot of blather covering for a blatant political attempt to grab power and glory. To me, it looks like politics as usual. The same thing we've seen for the last six months. And that's just an order of magnitude increase of what we've seen on the increase for many years.
Brendan 23-Jun-09 5:47am
Carl, you're missing the bigger picture. The private sector has failed up to now, period. That is exactly why the government is stepping in. Also, the government in general and the Executive Branch specifically brings the military, law enforcement and intelligence agencies into the equation. Considering that the Chinese government is experimenting with taking down our infrastructure and foreign organized crime gangs are working very hard to steal our identities, it is going to take a coordinated, comprehensive approach to combat these threats. Roger, my question to you is what effect will these initiatives have on people like the Iranian protestors and Chinese dissidents who must dodge their governments in order to obtain uncensored information and get their views expressed anonymously?

©1994-2009 Infoworld, Inc.