Obama on cybersecurity: We're not that prepared
President Obama on Friday said the U.S. government is "not as prepared" as it should be to respond to disruptions caused by computer or Internet attacks and announced that a new cybersecurity coordinator position would be created inside the White House staff.
The still-to-be-named coordinator will oversee a new bureaucracy tasked with digital infrastructure protection, which had previously been handled by the Department of Homeland Security. "We will ensure that these networks are secure, trustworthy and resilient," Obama said. "We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."
Obama's announcement, which was expected, came as the president released the outcome of a 60-day review that sought to rethink how the federal government should address cybersecurity. Business groups had sought to raise cybersecurity's profile in the administration but remained wary about regulatory mandates from Washington; security hawks would prefer the new bureaucracy to have more authority over the private sector.
The final report represents a political compromise. It suggests "intrusion detection and prevention systems" and "warning of cyber intrusions and attacks," while stressing that collaboration with privacy groups and industry is vital. New laws compelling companies to share more information with the federal government about intrusions may be necessary, it says, but only "as a last resort."
During his remarks in the White House's East Room on Friday, Obama also seemed to seek a balance between warning of the dangers of terrorists or other miscreants using the Internet and saying the government will not go too far. "Our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic," he said.
The report also goes out of its way to recognize the civil liberties concerns that could arise by a greater focus on private networks: the word "privacy" appears no fewer than 69 times in the document.
In a cybersecurity "crisis," the plan is for the coordinator to become the "White House action officer for cyber incident response." That's a similar role to the White House officials who help to monitor terrorist attacks or natural disasters. (The new coordinator's fiefdom will be shared between the National Economic Council and the National Security Council.)
While there has been some private grumbling that the new coordinator will not report directly to the president -- a prized symbol of access in Washington circles -- reaction to the administration's announcement was generally positive.
Senators John Rockefeller (D-W.V.) and Olympia Snowe (R-Maine), members of the Commerce and Intelligence committees, said in a statement that "no other president in American history has elevated this issue to that level and we thank (Obama) for his leadership." The Center for Democracy and Technology said it "is evident that the report's authors listened to the concerns of privacy and civil liberties groups."
Cybersecurity headaches
The origin of many of the feds' cybersecurity headaches can be traced back to the process that led to the creation of the Department of Homeland Security nearly seven years ago. Politicians in Washington, D.C. decided to glue together a medley of federal agencies to create a massive bureaucracy that would, as one of its new goals, provide a better focus on cybersecurity.
"The department will gather and focus all our efforts to face the challenge of cyberterrorism," President Bush said when signing the 500-or-so-page bill into law in November 2002. "This department will be charged with encouraging research on new technologies that can detect these threats in time to prevent an attack."
Some tasks might benefit from centralization in one of the world's largest bureaucracies. But it soon became evident that cybersecurity was not one of them. By 2005, government auditors concluded that the department failed to live up to its cybersecurity responsibilities and may be "unprepared" for emergencies; as recently as last fall, DHS Secretary Michael Chertoff said his agency needed to develop a plan to respond to a "cybercrisis."
That led some outside groups to argue that cybersecurity efforts should be taken over by the National Security Agency, which already is responsible for protecting government computers through its "information assurance" arm, or perhaps the White House staff.
Lending an unusual spice to what would normally be a quiet, internecine power struggle was March's resignation of Rod Beckström, director of Homeland Security's National Cybersecurity Center. In his farewell letter, Beckström blasted what he said was an NSA power grab, saying the secretive military agency "effectively controls DHS cyber efforts through detailees, technology insertions."
The week before Beckström's resignation, Director of National Intelligence Admiral Dennis Blair suggested to a House committee that the NSA was ready for the job, saying "there are some wizards out there at Fort Meade." But a few weeks later, after a congressional hearing that was hardly enthusiastic about the idea, NSA director Keith Alexander denied his agency had any interest in the job.
In February, Obama ordered a 60-day review of the federal government's cybersecurity efforts, and appointed Hathaway -- who had worked for the director of national intelligence in the Bush administration -- to lead it.
In addition, The New York Times reported on Friday that the Pentagon is preparing a new military command for cyberspace that would operate in parallel with the civilian effort that Obama is expected to announce. He is "expected to sign a classified order in coming weeks that will create the military cybercommand" and recognize "that the United States already has a growing number of computer weapons in its arsenal and must prepare strategies for their use," the newspaper said.
During Friday's remarks, Obama noted that his campaign had been the subject of a cyber intrusion in which hackers accessed policy papers and travel plans but not fundraising data.
Declan McCullagh is a contributor to CNET News and a correspondent for CBSNews.com who has covered the intersection of politics and technology for over a decade. Declan writes a regular feature called Taking Liberties, focused on individual and economic rights; you can bookmark his CBS News Taking Liberties site, or subscribe to the RSS feed. You can e-mail Declan at declan@cbsnews.com. 
In the previous administration, the cyber guy reported to the janitor at Homeland Security.
How will this effect Desktop and mobile OS makers Linux, Microsoft and Apple? Or will it only focus on Windows to the exclusion of others? Will it promote others to alleviate a single target??
Who (what governmental bureaucratic agency) will make that choice? In conjunction with Businesses?
Will the Government dictate or mandate certain technologies?
We're waiting to find that out. We don't know yet who this Cybersecurity Coordinator will be, how large of a staff he or she will have, and how broad his or her mandate will be.
We do know, from today's report from the White House, that they're considering new laws and regulations, albeit carefully. Excerpt: "Changes in policy (for example, adoption of regulation or tax incentives) can affect decisions regarding procurement or technological research and development. The Federal government could also consider ways in which it could focus more resources on research into possible ?game-changing? areas, such as behavioral, policy, and incentive-based cybersecurity solutions"
Who (what governmental bureaucratic agency) will make that choice? In conjunction with Businesses?
Will the Government dictate or mandate certain technologies?..."
Why let others who know the internals of the Operating Systems you are using (as is the case of the Linux Operating System; Apple is a no go; and, the Swiss Cheese Code-Base OS/2 Warp (Microsoft Windows) will always be the Swiss Cheese Code-Base OS/2 Warp (Microsoft Windows)!
As OS/2 is in the Celestial Plain (the International Space Station); so, should it be at the Terrestrial Plane (Earth) where it serving the Russian federation very well.
I swear you must trip acid everytime you post here..
BTW, which OSes are being run at GM!!! If they are those of Linux flavors then that may be a direct saving on Operating Systems costs to help them steer away from the direction (road) they are heading.
How about you offering them some advice since you never venture near "acid"!
Well, we also heard a certain U. S. bank talk about "Intellectual Property"; and, "Capital Strength" and therefore one would tend to believe what was said by the Prez.
At least the banks should know.... we all know where most of the "money" went; and, they (the banks) know how and where it is all being spent; also, how "secure" their systems are....!
"Once A Banker Always A Banker"!
"Mission Accomplished" - Again!
- by Lady_Violina June 2, 2009 10:41 AM PDT
- Not THAT prepared?
- Like this Reply to this comment
-
-
- by femtobeam June 27, 2009 11:53 AM PDT
- You are right Lady Violina. The most obvious is the lack of understanding about what the problems are and what is needed to overcome them. The problems are competition for a market share of knowledge from people that leads to economic domination, achieved through coordinated efforts mostly by China on all fronts to achieve this goal. Achieving it means domination of the electromagnetic spectrum which is optical. Optical is far faster than digital and therefore is the key to all things. The focus on computers and digital networks is like a wagon to a spaceship when it is related to a digital versus optical ability. Where the two meet, slowed down by the digits, one has a DOC (digital optical computer). The focus on "sharing and collaboration" is the most dangerous of all policies. This has already been done whether we wanted it to happen or not... by state sponsored pirates in China. THEY ALREADY HAVE THE INFORMATION. The race is on in a new Weapon of Mass Destruction... access to the human brain and all it's nerve endings, couched in the "opportunity" words of neuromarketers and the mind control objectives of large multinational corporate giants. President Obama will not be able to obtain cooperation from them and their activities without forcing them to comply. Bush tried it and they denied a turnover of records claiming privacy issues. Meanwhile it is they, not the government who were eavesdropping on scientists and selling time to their overseas partners and clients. It amounted to government sponsored theft of IP from small businesses and inventors. My question is how will President Obama be able to fulfill his duty to protect and defend the people of the United States without some way to monitor what is happening to them so one can detect and prevent intrusions? The privacy, security and freedom of speech issues are at a crossroads when it comes to cybersecurity. It is not about your computer only any more, nor the internet. It is about broadband of all kinds and access to your neurons. After much thought on the issue, the worst thing that can happen is a competition involving human subjects for another federal giveaway while China sits by waiting for the data to be completed so they can hack into it and build another botnet, this time of brains integrated with computers. We are not at all prepared for this. It is an emergency and should be treated like one, directed by the President with long term professionals who understands the subjects entirely, not a policy maker. We need a Cyber Project no less than the Manhattan Project in importance and the President should retract his statement about monitoring the networks. There is no other way to obtain the information about attacks on citizens who are being individually targeted, through the commercial networks.
- Like this
-
(15 Comments)The truth is that nobody is even the slightest prepared to what eventually might happen with cybersecurity worldwide!