White House publishes agenda for cybersecurity
- By William Jackson
- Jan 23, 2009
The Obama administration has posted its agenda for cybersecurity that outlines plans to “build a trustworthy and accountable cyber infrastructure that is resilient, protect America’s competitive advantage and advance our national and homeland security.”
During his campaign, President Obama emphasized the need to improve the security of federal information-technology networks and of the private infrastructure that underlies much of the nation’s economy. The administration's policy offers no surprises in this area: It calls for a presidential adviser on cybersecurity who would be responsible for coordinating agency activities and the development of a national policy.
The adviser apparently would be a separate position from the national chief technology officer post that also has been mentioned by the administration.
“It is a positive first step,” Michael Markulec, chief operating officer of Lumeta Corp., said of the adviser position.
Lumeta creates network mapping and discovery systems used by agencies to understand their network environments. The adviser was one of the recommendations made by the Center for Strategic and International Studies in its bipartisan report released last year, titled “Securing Cyberspace for the 44th Presidency.”
Markulec recommended that the position be more than purely advisory, and that it have the power of a chief information security officer who would work alongside a chief technology officer and establish a standardized approach to security. There needs to be a holistic approach to security that encompasses not just the 135 federal agencies, but also private sector infrastructure, he said. “They need to have the same approach to cybersecurity.”
Budget authority and acquisition vehicles would be key to implementing a security strategy and policy. To date, the Office of Management and Budget has taken the lead in IT security policy within government by virtue of its hold on agency budgets. The General Services Administration manages many governmentwide acquisition vehicles. “Whoever is appointed to this role would have to work closely with OMB as well as GSA," Markulec said.
In addition to appointing a high-level adviser, the agenda also calls for declaring the cyber infrastructure a strategic asset, signaling the administration’s willingness to devote a broad range of resources to its defense. Other elements of the strategy include:
- A safe computing research and devlopment effort and hardening the cyber infrastructure. This would include partnership with the private sector to develop and deploy secure hardware and software for national security applications.
- Protecting the IT Infrastructure underlying the economy with standards for security and physical resilience.
- Preventing corporate cyber espionage, protecting trade secrets and intellectual property.
- Developing a strategy to counter cyber crime, minimizing opportunities for criminal profit. This would focus on shutting down the flourishing underground criminal infrastructure and prosecuting violators.
- Mandating standards for security personal data and requiring companies to disclose breaches of personal information. This would replace a patchwork of security standards and breach disclosure requirements.
William Jackson is a Maryland-based freelance writer.