Posted on | May 30, 2009 | 3 comments
In a historic White House speech, President Obama on Friday, May 29, 2009, became the first head of a nation state to stake out a leadership role in attempting to make the Internet safer.
Dozens of tech executives, military and intelligence officials, agency heads and lawmakers attuned to the topic gathered in the East Room of the White House and witnessed the speech live, as did I and many others glued to the White House’s “livestream” webcast.
Save for not naming a cybersecurity czar, Obama’s speech held no surprises for anyone paying close attention to the steady escalation of cyber threats — and the, thus far, disjointed efforts at defending against them. You can see the full text of Obama’s speech here and see the video here. In it, the president cohesively spins together the background and context, thus making effective use of his bully pulpit.
President Obama on cyber threats: “It’s the great irony of our Information Age — the very technologies that empower us to create and to build also empower those who would disrupt and destroy. And this paradox — seen and unseen — is something that we experience every day. But just as we failed in the past to invest in our physical infrastructure — our roads, our bridges and rails — we’ve failed to invest in the security of our digital infrastructure.
“… Indeed, when it comes to cybersecurity, federal agencies have overlapping missions and don’t coordinate and communicate nearly as well as they should — with each other or with the private sector. We saw this in the disorganized response to Conficker, the Internet “worm” that in recent months has infected millions of computers around the world.
“This status quo is no longer acceptable — not when there’s so much at stake. We can and we must do better.”
Giant leap forward
Obama then laid out a five-point policy statement, backed by this 76-page report, and said he would personally appoint a “cybersecurity coordinator” to implement the policy. That appointee’s mission: secure government networks, coordinate responses to attacks, work to secure the infrastructure grid run by the private sector, boost research funding and push for more public education.
This approach derives from Melissa Hathaway’s 60-day review of U.S. cybersecurity policy, which in turn derives from the work of several other groups, most notably this report from the bi-partisan Center for Strategic and International Studies (CSIS), and this report from the Dartmouth College-based Institute for Information Infrastructure Protection (I3P).
Having the leader of the free world publicly embrace two years’ worth of behind-the-scenes consensus-building and translate it into tenets of fresh U.S. policy represents one giant leap forward for the public good.
Positive reaction pours in
Even skeptics concerned that political infighting could hinder meaningful progress going forward ought to pause for a moment to consider the potential upside. Most are doing at least that much. A sampling of the reaction:
Martha Austin, executive director, Institute for Information Infrastructure Protection at Dartmouth College: “Because the vast majority of IT systems that run our nation’s critical infrastructures are owned and operated by the private sector, it is imperative – as the President pointed out – that the nation’s cyber security coordinator make a concerted and determined effort to reach out to the business community. The fact that the President so forcefully expressed his commitment to privacy and net neutrality should reassure the business community that the nation’s need to balance security with accessibility will be well considered.”
Ken Silva, CTO, VeriSign: Obama’s plan “underscores just how serious this issue is and that the administration appears to understand the significance. It is just a call for action; it is not action in and of itself. I’m optimistic that his recommendations will be acted upon.”
Retired Air Force Lt. Gen. Harry Raduege, chairman, Deloitte Center for Network Innovation: “The president recognizes the fact that cybersecurity has become a critical element, not just for national security, but also for economic opportunities for our nation. The fact that he’s going to personally select a person who is going to have direct access to him, and be a member of the National Security Council and the National Economic Council, is very important.”
John Stewart, CSO, Cisco Systems: “To have the established leader of the free world say ‘I’m going to invest my personal time in cybersecurity’ is really encouraging. I’d rather see them go slow and do the correct amount of vetting to get the right person.”
Greg Brown, co-CEO, Motorola: “It is critical that effective, hands-on public-private partnerships are developed. This is a challenge that will require the collaborative efforts of businesses and government to be successful.”
Ryan Barnett, research director, Breach Security: “We must have broad visibility and coordination in order to realize a new defensible strategy to protect our interests in cyberspace. A national plan for detection, prevention and response to these types of attacks is paramount.”
Dominique Levin, vice president of Marketing and Strategy, LogLogic: “We hope the cybersecurity czar will focus on establishing a government-endorsed ‘minimum bar’ for security that applies to a broad range of industries. This standard would definitely be a positive for the security industry and for American businesses and could make it a lot easier for executives in business to get approval for investments in security. Additionally, security is only as strong as the weakest link in the chain, so any initiative that can raise the bar is a good thing.”
Rep. Jim Langevin (D-RI), co-chair, House Cyber Security Caucus: “This White House report is a good starting point for the work that lies ahead … including increased coordination between the private and public sectors and within various government agencies. I am especially pleased to hear President Obama refer to our cyber infrastructure as a “Strategic National Asset” and a top national security priority. Over the coming months, I look forward to working with the new Cyber Coordinator to fine tune its more general recommendations and make sure we are putting this report into action.”
Phyllis Schneck, vice president at McAfee, who has worked with the government on cybersecurity: “Today marks the beginning of a new era of White House leadership in cybersecurity. We think this is a great first step, but there is even more hard work to be done. Cyberthreats are very real, ongoing, and very dangerous. McAfee will keep working with the government to continue the fight against cyberthreats and help protect our nation.”
Amit Yoran, CEO, NetWitness: “Nothing in Washington happens quickly, but the fact that they have put this review process together and completed this undertaking is very encouraging. Now more than ever, strong and decisive direction, coordination and oversight from the White House is critical.”
Zalmai Azmi, Senior Vice President for Strategic Law Enforcement and National Security Programs, CACI: “The President demonstrated today that he is offering far more than rhetoric on the issue of cyber security, he is clearly taking a leadership role in both identifying potential cyber attack and creating a framework in which the government and the private sector can work together to address a host of complicated security issues.”
Shannon Kellogg, Director of Information Security Policy, EMC Corp: “It’s going to be very important for the President’s cyber advisor to work aggressively with counterparts in the federal government to improve information security within federal systems – that has to be job one. Another immediate task will be to work with counterparts in critical infrastructure such as the electric power industry to improve security within those systems. And the new cyber official will need to do this while working to execute on a longer term strategy that will fully utilize all the tools available to the United States to make lasting improvements to our national cyber security posture, which will contribute positively to both our national security and economic security.”
Ed Black, CEO, Computer & Communications Industry Association: “This shows the Obama Administration understands the critical balance needed to keep the Internet open and safe and to maintain the freedom and trust of those using it. We know the pressures to deviate from this balance will be strong, and we hope he can stay on course.”
Bob Dix, vice president, Government Affairs and Critical Infrastructure Protection, Juniper Networks: “The President rightly noted that trusted, secure networks are now the foundation of our nation’s infrastructure. With the private sector owning the vast majority of our nation’s critical infrastructure, it is absolutely imperative that the new Cyber Security Coordinator quickly take on the task of extending and improving the collaborations between government and industry in protecting our nation’s critical information networks.”
Andrew Klungness, law partner, Bryan Cave LLP: “This is a step in the right direction. In today’s interconnected world, where information technology plays such a critical role in the management of our infrastructure, markets, capital, and military, ensuring the security of our cyberspace is every bit as important as protecting our physical borders. Privacy advocates are going to find it initially reassuring that President Obama tipped his hat to privacy concerns by stating that private sector networks and internet traffic will not be monitored. But, as the President’s plan is implemented, there will undoubtedly arise conflicts between the administration and such advocates as competing concerns regarding civil liberties and security are carefully weighed and balanced.”
Christopher A. Schwartzbauer, Senior Vice President, Shavlik Technologies: “It is critical that President Obama establish clear leadership at the top to drive a significant cyber security focus. Government also needs to improve its access to the best technologies to automate and address the assessment and remediation of the threats. The process of acquiring new technology is prohibitively slow and expensive and makes it nearly impossible for the government to quickly acquire the latest and greatest weapons to combat cyber security threats fast.”
Pat Clawson, CEO, Lumension: “We also need to seriously consider creating a new branch of the government – a Cyber Warfare division that can serve to bridge the gaps, eliminate overlaps, and bring people, processes, policies and technology together in a cohesive manner – this way we can be on the defensive as well as offensive against cyber attacks. This Cyber Warfare division should consist of military personnel, business leaders, computer and forensics experts and even white hackers who can monitor the behavior of cyber criminals. This way, you have a diverse group of intelligent individuals who can create a cohesive, holistic strategy to prevent future attacks from our adversaries.”
Paul Kocher, chief scientist, Cryptography Research: “Obama’s focus on data security is extremely significant, although the government’s ability to solve the problems is likely to be fairly limited. For example, regulations to mandate better security engineering, or to increase liability for breaches, would be controversial and could easily do more harm than good. Still, it’s encouraging that this administration recognizes that the national interest is best served by improving security to protect against cybercrime, instead of weakening security to facilitate government surveillance.”
Phil Lieberman, CEO, Lieberman Software: “There needs to be a bright line of reasonable care for enterprises as well as incentives to implement strengthened cyber security. Government must clamp down on credit card issuers’ transfer of liability to processors and merchants for breaches caused by complex / high level attacks that cannot be anticipated or fully guarded against.”
Mark Lobel, principal, PricewaterhouseCoopers: “Security needs to be at a senior level to get proper visibility and the support needed to practically improve security. The two key factors that make security effective are leadership and a documented strategy. This administration is moving in the right direction by raising the responsibility and visibility of this position but it remains to be seen if the role, as defined, will be effective. The proof will be in the results.”
Jim White, vice president of critical infrastructure security, Uniloc: “The urgency is now, and the actions of the president will help drive public awareness and accelerate the legislation and actions required to ensure the nation’s security. The president elevated the issue of cyber security to the highest levels of the nation. Uniloc and other industry technology leaders look forward to working with the federal government to solve this most critical issue facing our country.”