Cyber advice for the next president
- By William Jackson
- Oct 28, 2008
A commission formed to offer advice on cybersecurity to the next president is nearing the completion of its work, and some of the recommendations are likely to conflict with elements of President Bush's Cyber Initiative.
'It will be finalized very shortly,' said Rep. Jim Langevin (D-R.I.), co-chairman of the bipartisan Commission on Cyber Security for the 44th Presidency. 'The findings are preliminary at this point.'
The commission, created in November 2007 by the Center for Strategic and International Studies (CSIS), held a series of public meetings to hear recommendations on issues of information security, identity theft and government leadership. It plans to present its findings to the new president prior to his inauguration in January.
When it does, one of the biggest departures from current cybersecurity policy will be the commission's recommendation to take the lead away from the Homeland Security Department and give it to the White House.
Bush put DHS in charge of the country's cybersecurity in the initiative launched in January with Homeland Security Presidential Directive 23.
'The commission strongly disagrees with that,' Langevin said in an interview with Government Computer News. 'This needs to be directed out of the Executive Office of the President,' in close cooperation with the National Security Council.
Langevin called the president's Cyber Initiative a good first step, but said DHS is not yet up to the task.
'DHS will not be able to handle it at this point,' he said. 'It is still a young, immature agency trying to stand itself up.'
The commission was established to advise government leaders on the cybersecurity issues that have come to the forefront in the past eight years, as the Internet and other IP infrastructure have become increasingly important to the country's economy and security. Risks have also grown, and CSIS concluded that a comprehensive policy is required to adequately address the issues and formed the commission to help create that policy.
In addition to Langevin, who is also chairman of the House Homeland Security Committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, the group's leaders are Rep. Michael McCaul (R-Texas), the subcommittee's ranking member; retired admiral and former National Security Agency director Bobby Inman; and Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group. Members of the commission include Amit Yoran, formerly the top cybersecurity official at DHS; Orson Swindle, who formerly served on the Federal Trade Commission; Martha Stansell-Gamm, former chief of the Justice Department's Computer Crime and Intellectual Property Section; and a number of industry executives.
Cybersecurity is becoming too big an issue for a president to ignore, Langevin said. 'Like it or not, the next administration is going to have to address it.'
Langevin said his tenure on the subcommittee and his work with the commission have been eye-opening, especially regarding the degree to which government IT systems have been compromised and the amount of data that might have been exposed to foreign governments. He faulted the current administration for not addressing the problems sooner.
'It is too bad it has taken so long to get cybersecurity at the top of the president's agenda,' he said. 'That said, I am pleased that he stepped in with the Cyber Initiative. It is a good start.' But Langevin said he believes the commission's report offers a better strategy because it contains input from a broad range of experts.
However, Langevin said the commission's recommendations will call for making changes to the Cyber Initiative rather than eliminating it. Monitoring federal networks and consolidating the number of Internet connections to a manageable number are good ideas. But better situational awareness is also needed, along with improved coordination between government and the private sector.
The commission has sought to ensure that its recommendations will be high on the next president's agenda by working with the leading presidential candidates, who have been responsive to their efforts, Langevin said.
'Both the McCain and Obama campaigns have been contacted and apprised, so they are well aware of what we are doing,' he said. He added that he believes that both candidates are committed to improving cybersecurity and that the commission's recommendations would remain the same regardless of the outcome of next week's election.
'Whoever the president is will have to confront these serious threats,' Langevin said. 'We ignore them at our peril.'
William Jackson is a Maryland-based freelance writer.