A Gordian knot awaits future cybersecurity chief
Improving information sharing and incident response will be major challenges for new cybersecurity coordinator
- By William Jackson
- Jun 01, 2009
President Barack Obama's new national cybersecurity coordinator should be the White House action officer for cyber incident response, similar to the role of action officers who monitor terrorist attacks or natural disasters, according to the Cyberspace Policy Review released
Obama announced the creation of the new office last week as the anchor for a number of initiatives recommended in the report. The president called it an initial step toward a new, comprehensive approach to securing the nation’s information infrastructure and as a signal that the new approach will have his full attention and support.
However, of the major goals laid out in the review, creating an effective information sharing and incident response capability across government and the private sector presents some of the greatest technological challenges and trickiest policy minefields. The task is further complicated by the fact that responsibility for cybersecurity is fragmented in government.
“No single official oversees cybersecurity policy across the federal government, and no single agency has the responsibility or authority to match the scope and scale of the challenge,” Obama said in announcing the new plan.
It is also complicated by the president’s pledge that government will not monitor or regulate private sector networks. “My administration will not dictate security standards for private companies,” Obama added.
Creating an effective structure with the authority and ability for coordinated incident response could require legislation, the report said, and certainly will require the development of systems that will enable wide scale monitoring of the world’s networks, identifying intrusions and other malicious activity, and integrating and sharing the information.
Individual tools exist to do parts of these jobs, but a systematic implementation is lacking.
“The government needs a reliable, consistent mechanism for bringing all appropriate information together to form a common operating picture,” the report says. “Federal cybersecurity centers often share their information, but no single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyber threats and network status, to provide indications and warning of imminent incidents, and to support a coordinated incident response.”
The Defense Department and intelligence communities look after their own networks, while the US-CERT oversees activity and threats on civilian agency networks and, to a lesser extent, private sector infrastructure. Pilot programs and evaluation still are necessary to identify intrusion detection and prevention sensors to provide needed situational awareness across all government networks, the report concludes and a long-term architecture to enable even broader monitoring and integration with states and private sector also is needed.
Creating incentives for cooperation and information sharing will likely be as big a challenge as creating the technology for to meet those goals. Privacy issues, concerns about security of proprietary data, liability and the impact of bad publicity have made the private sector wary of giving too much information to the government. On the other hand, the government has traditionally been stingy with information shared with the private sector because of security concerns.
“Creation of a not-for-profit non-governmental organization to serve as a trusted third-party host where government and private sector information may be shared to enhance the security of critical government and private-sector networks,” the report said.
The extent to which these goals can be met while maintaining a hands-off approach to private infrastructure is not clear, but Obama has pledged to cooperation “to ensure an organized and unified response to future cyber incidents.”
“Given the enormous damage that can be caused by even a single cyber attack, ad hoc responses will not do,” he said.
William Jackson is a Maryland-based freelance writer.