The government may have to take a new approach to securing the nation's telecommunications infrastructure, two senior administration officials said Friday.
The intersection of military operations and telecommunications policy is just one of the many facets of cybersecurity currently under review by the administration as it wraps up its 60-day, government-wide review of cybersecurity programs.
Two officials familiar with the review, led by Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, said the laws and policies governing telecommunications have not kept pace with the technology in the sector. Consequently, the administration is reviewing ways to balance the need to address evolving threats--such as viruses or organized cybercrime--with the maintenance of information infrastructure, they said, talking to reporters on a conference call.
Hathaway's team has 14 days left to create a cybersecurity action plan for the president. That plan, to be presented on April 17, will be a springboard for White House-led cybersecurity plans in the coming years and will put the onus on the White House to direct interagency cybersecurity efforts, said the officials, who declined to be named.
The Obama administration has sought out unprecedented levels of input from government agencies, the private sector, and other organizations, the officials said. In all, the review so far as consisted of more than 40 meetings and has yielded more than 100 papers to inform the final action plan.
After reviewing presidential directives, strategic plans produced by advisory boards, and a host of other cybersecurity documents, the review team identified more than 250 requirements for securing cyberspace that were commonly recognized as critical. The team asked government departments to explain what plans were in place to meet those requirements relevant to their department mission. For instance, the team met with the Social Security Administration and the IRS to discuss their unique role in securing citizens' personal information and maintaining public trust.
The review has emphasized the need for privacy and the protection of civil liberties and has included discussions with groups like the American Civil Liberties Union, the Electronic Frontier Foundation, and the Center for Democracy and Technology, the administration officials said.
There were also discussions with more than 50 universities about relevant research currently underway and ways in which it could be used to improve the country's security. About 70 universities collaborated on a report on ways they could contribute to a national cybersecurity effort.
The review team is currently conducting a gap analysis to determine how best to coordinate interagency policy from the White House and how to architect cybersecurity efforts like standards in the procurement process.