It is vitally important to national security and economic security that President Barak Obama fulfills a pledge that he made on the campaign trail concerning the security of our nation’s information infrastructure. During the 2008 presidential campaign, Mr. Obama compared cyber security threats with other 21st century national security challenges such as biological and nuclear weapons. He said at the time that he would declare the country’s critical infrastructure a national asset and that he would appoint a cyber advisor that would report directly to him.
The time to act is now. During the first 100 days of his Administration, Mr. Obama directed the National Security and Homeland Security Councils at the White House to conduct a 60-day federal cyber security review. That effort, led by the very capable Melissa Hathaway of the Office of the Director of National Intelligence, was completed on April 17th and the report has been submitted to the President.
The President could always expect (and is receiving) resistance in his Administration to some of the recommendations, particularly any that would revamp how government is structured to address cyber security. In my opinion, he should look beyond those criticisms and appoint a senior cyber official immediately that would report directly to him. Doing so will provide a cyber security leader in the White House with the political clout that he/she will need to develop and implement the President’s cyber security priorities. Without taking this first step, the Obama Administration will not likely be able to execute on other key recommendations that may result from the 60-day review.
Another priority should be to improve the security of federal information systems. The simple fact is that adversaries of the United States and cyber criminals are already penetrating our federal government’s information systems and sensitive data is being exposed daily. Without strong leadership in the White House, including better use of the federal budget process to spur agencies to address their most pressing information security risks, improvements will not come fast enough. Naturally, the President’s cyber advisor would need to work closely with the newly appointed Federal CIO (Vivek Kundra) and Federal CTO (Aneesh Chopra). Both of these leaders are gifted IT officials with private sector and state and local government experience both of whom can offer fresh perspectives and innovative approaches to make government more efficient, effective and secure.
The Obama Administration should also incent the electric power industry to adopt security standards that would help improve the security of our nation’s electric grid given the well known vulnerabilities that exist in that sector. With billions of dollars allocated for the Administration’s “smart grid” initiatives under the economic stimulus that was passed earlier this year, the President has an immediate opportunity to link funding of those programs to implementation of reasonable security controls. Again, now is the time to act.
The United States Congress also could play a constructive role by working with the Obama Administration to make improvements now. First, the Congress should encourage the President to appoint a senior advisor to drive cyber security strategy and policy from the White House. Despite some concerns raised in the U.S. Senate about this official assuming some operational responsibilities, those fears are misplaced in my opinion. I believe that this new role will focus on strategy, policy and coordination across the federal government, not to carry out cyber security operations. Leave the operations capabilities for the civilian government at the Department of Homeland Security (DHS) and continue to build out USCERT capabilities. And, as DHS continues to develop its capacity, National Security Agency (NSA) technical expertise should absolutely be leveraged as much as possible.
Click here to read more.
