President Obama's speech today and the release of Melissa Hathaway's 60-day cybersecurity review are clear signals that cybersecurity is finally getting the attention it deserves, especially given its strategic importance to national security. As Obama said in his speech, technology now controls everything from our weapons to our water supply. Protecting our networks has become synonymous with protecting our borders. So why has it taken so long for the issue to reach the highest level?
As many cybersecurity experts have told me over the past couple years, almost everything worth taking from the government in terms of data has already been pilfered by hackers, organized crime and foreign governments. Everything from the design of our latest military aircraft to the president's campaign Web site has been penetrated, phished, downloaded or shut down completely. And yet somehow the issue remained below the radar of past presidents. To some, today's announcement is a bit like shutting the barn door after the horses have already been stolen.
As good news as this is for cybersecurity, the report still doesn't clear up the turf war over who will have responsibility for securing federal networks, particularly with regards to offensive capabilities. There was no mention of the National Security Agency on Friday, beyond Obama's assurance that the government would not be monitoring Internet traffic. Likewise, no mention was made of the Pentagon's plan to create a new military command for cyberspace.
Regardless, it's hard to see this as anything but a victory for the federal IT community. SANS Institute director Alan Paller told me today that people who were disappointed with the report are likely the victims of oversized expectations. The very fact that the president of the United States would make a nationally-televised speech where he spoke knowledgeably about the cyber threats to our digital infrastructure is a huge step towards raising awareness of the importance of the issue.
Obama has done what no other president so far has been willing to do: shoulder the responsibility of protecting the nation from cyberattacks. Whereas in the past the attacks were either covered up or treated with a shrug, Obama has promised to make cybersecurity a national security issue and a management priority. While that's certainly admirable, it also makes him accountable if, or rather when, the next massive data breach occurs.
Let's hope the new cyber czar is quickly appointed and hits the ground running. If six months from now someone manages to shut down the power grid, the public now knows where the buck stops.
COMMENTS
The fact that the POTUS has taken responsibility for cybersecurity is certainly admirable, which means he will be acountable if a massive data breach occurs. This statement is why no past POTUS would take responsibility. This also means those charged with cybersecurity should be concerned for their jobs. The buck stops with POTUS, but do understand, some other heads will role if they are found sleeping at the controls.
Evelyn Golden 06/01/09 09:48 am ET
"As many cybersecurity experts have told me over the past couple years, almost everything worth taking from the government in terms of data has already been pilfered by hackers, organized crime and foreign governments. "
This is just frankly not true. There are many people working hard accross the country to make sure that information is kept secure. Perhaps in the future, a better model would be that no information need be secured, perhaps in the LifeLock model where the CEO publishes his SSN as part of the advertisement. The premise that identity is locked down to the individual. However we aren't there yet.
The rest of the article is well thought out and at least mentions that Obama is doing much more than has been done previously.
The Safe Life 05/30/09 11:31 pm ET