The Whitehouse Releases 60 Day Cyber Security Review

Early after President Obama was nominated I wrote an open letter to President Obama for actions that I believed the administration would need to take in the first 90-days “Open Letter to Barack Obama: Securing Critical Infrastructure – The First 90 Days” These included a policy review and some suggestions on methods the administration would need to implement to secure our digital infrastructure. President Obama appointed Melissa Hathaway to lead the review, which has now been completed.

In a blog post titled “Securing our Digital Infrastructure” Melissa Hathaway states…

We now have a strong and common view of what is needed to achieve change.   Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.

During the Presidential press briefing President Obama stated

Today I’m releasing a report on our review, and can announce that my administration will pursue a new comprehensive approach to securing America’s digital infrastructure.

This new approach starts at the top, with this commitment from me:  From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be:  as a strategic national asset.  Protecting this infrastructure will be a national security priority.  We will ensure that these networks are secure, trustworthy and resilient.  We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage.

There is nothing revolutionary in their findings, nor in their near and mid-term action plans to address the deficiencies of our current program. What is encouraging and what we must all recognize is that this administration has elevated the conversation and is building national awareness across our entire population, not just the security professionals and IT geeks.

Many in the security industry are already complaining that it isn’t enough, that there is more that should be done, that it all rings hollow and has been tried before. What they seem to be unable to rationalize is that we have an administration that not only understands the scope of the problem and associated threats but is working aggressively to implement policies, procedures and technologies to address them.

Regardless of your thoughts on the review and announcement of a cyber security coordinator, information security and the demands to secure our critical infrastructure is a US administration priority and we should all agree that is a very positive step.

The 60 day cyber security review to the President contains five main chapters, outlined below, and includes a near-term action plan for U.S. Government activities to strengthen cyber security. I encourage all of you to review the document and ask what you can do to for our country.

Leading from the Top – Makes the case for strengthening cybersecurity leadership for the United States through 1) the establishment of a Presidential cybersecurity policy official and supporting structures, 2) reviewing laws and policies, and 3) strengthening cybersecurity leadership and accountability at federal, state, local, and tribal levels.

Building Capacity for a Digital Nation – Advocates a national dialogue on cybersecurity to increase public awareness of the threats and risks and how to reduce them.  Outlines the need for increased education efforts at all levels to ensure a technologically advanced workforce in cybersecurity and related areas, similar to the United States’ focus on mathematics and science education in the 1960s.  Identifies the need to expand and improve the federal information technology workforce and for the Federal government to facilitate programs and information sharing on cybersecurity threats, vulnerabilities, and effective practices across all levels of government and industry.

Sharing Responsibility for Cybersecurity – Discusses the need for improving and expanding partnerships between the Federal government and both the private sector and key U.S. allies.

Creating Effective Information Sharing and Incident Response – The United States needs a comprehensive framework to facilitate coordinated responses by government, the private sector, and allies to a significant cyber incident.  This chapter explores elements of such a framework and suggests enhancements to information sharing mechanisms to improve incident response capabilities.

Encouraging Innovation – The chapter addresses ways for the United States to harness the benefits of innovation to address cybersecurity concerns, including work with the private sector to define performance and security objectives for future infrastructure, linking research and development to infrastructure development and expanding coordination of government, industry, and academic research efforts.  It also addresses supply chain security and national security / emergency preparedness telecommunications efforts.

What we need now is action, a long-term commitment to maintain the health and improve the security of our nations critical infrastructure. That we can build a world that is safe to use and transfer digital information, that we support innovation of new technologies and evolve existing ones. That we will prosper and that technology will be a key element of that prosperity for decades to come. As President Obama mentioned in his press briefing

In short, America’s economic prosperity in the 21st century will depend on cybersecurity.