White House just getting started on cybersecurity

Report details the year's progress, but a lot of work remains

The White House yesterday released a progress report highlighting its accomplishments in securing cyberspace following last year's Cyberspace Policy Review. And although the administration has made some real progress, security experts say the job is far from finished. 

Since President Obama’s statement in May 2009 that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and “America's economic prosperity in the 21st century will depend on cybersecurity,” he has appointed a cybersecurity coordinator, established a military cyber command and initiated national strategies for trusted identity and incident response. The Commerce Department is supporting deployment of the DNS Security Extensions protocols to secure the Internet’s Domain Name System.

A team also is updating the Comprehensive National Cyberspace Initiative, established by President Bush in the previous administration.

“This revised Presidential Directive will further elaborate and advance implementation of the strategy outlined by the [Cyberspace Policy Review] and executed through the CNCI,” the report says.


Related stories:

Access control: Feds search for scalable solution

White House plans strategy for better cyber authentication

White House lifts the veil on Bush cybersecurity initiative


But much work remains to be done in securing the nation’s national security, civil and private-sector information infrastructures.

“There are things happening, but it is fair to say there is not an exhaustive list of accomplishments,” said Larry Clinton, president of the Internet Security Alliance, who attended Wednesday’s White House meeting at which the report was released.

The meeting included representatives from federal, state and local government; law enforcement; industry; academia; and civil liberty and privacy advocacy groups. Clinton said the fact that the president spoke at the meeting, which was chaired by Cybersecurity Coordinator Howard Schmidt and also included Commerce Secretary Gary Locke and Homeland Security Secretary Janet Napolitano, was encouraging.

“It was a statement of commitment at the highest level to continue to evolve the partnership” between the public and private sectors in securing cyberspace, he said.

The president early on identified cybersecurity as an important issue in his administration and ordered a comprehensive review of executive cybersecurity policy. Delays in releasing the report and difficulty in finding a person to fill the position of cybersecurity coordinator highlighted the challenges of securing the interconnected, critical cyberspace. Repeated reports of breaches and frequent government and private-sector studies continue to point out the vulnerability of information technology systems to penetration.

Among the accomplishments noted in the progress report is the new guidance from the Office and Management and Budget for complying with the Federal Information Security Management Act, which focuses on real-time awareness rather than static assessments.

“This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks,” the report states. “The new approach builds on government and industry best practices that will make our cybersecurity efforts more effective.”

A National Incident Response Plan now is in final draft and will be tested in September as part of the Cyber Storm III exercise. It will be revised based on lessons learned in that exercise. A National Strategy for Trusted Identity in Cyberspace has been released for public comment and is expected to be released in final form by the end of the year. National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, which established CNCI and key cybersecurity roles and responsibilities in government, also are being updated.

Under CNCI, the Trusted Internet Connection initiative is reducing the number if Internet access points in federal networks, and the Einstein program now is providing intrusion detection for 12 of 19 major federal agencies. DHS has established a National Cybersecurity and Communications Integration Center, integrating existing incident response mechanisms into a unified operations center. The department also opened the Industrial Control System – Computer Emergency Response Team facility to address cybersecurity threats to critical infrastructure control systems.

On the legal front, the United States is stepping of law enforcement efforts against hackers and cyber criminals.

“The Secret Service has resolved over 1,100 cases and cracked the Heartland Payment Systems case that compromised over 130 million credit cards,” the report noted. “Albert Gonzalez, a main defendant in that case, was sentenced to 20 years in prison.”

Clinton said he was encouraged that Schmidt spoke of cybersecurity in economic rather than technical terms.

“We have to increase the price for attackers,” Clinton said. “We are thinking of security too much as a technical, operational issue and it’s really an economic issue. We want to focus on why the attacks occur.”

The president and other officials reiterated in the meeting that the administration’s approach to cybersecurity will be based on incentives for cooperation between the public and private sectors rather than on regulation, which was a message that industry representatives were happy to hear.

 

About the Author

William Jackson is a Maryland-based freelance writer.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group