White House just getting started on cybersecurity

Report details the year's progress, but a lot of work remains

The White House yesterday released a progress report highlighting its accomplishments in securing cyberspace following last year's Cyberspace Policy Review. And although the administration has made some real progress, security experts say the job is far from finished. 

Since President Obama’s statement in May 2009 that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and “America's economic prosperity in the 21st century will depend on cybersecurity,” he has appointed a cybersecurity coordinator, established a military cyber command and initiated national strategies for trusted identity and incident response. The Commerce Department is supporting deployment of the DNS Security Extensions protocols to secure the Internet’s Domain Name System.

A team also is updating the Comprehensive National Cyberspace Initiative, established by President Bush in the previous administration.

“This revised Presidential Directive will further elaborate and advance implementation of the strategy outlined by the [Cyberspace Policy Review] and executed through the CNCI,” the report says.

Related stories:

Access control: Feds search for scalable solution

White House plans strategy for better cyber authentication

White House lifts the veil on Bush cybersecurity initiative

But much work remains to be done in securing the nation’s national security, civil and private-sector information infrastructures.

“There are things happening, but it is fair to say there is not an exhaustive list of accomplishments,” said Larry Clinton, president of the Internet Security Alliance, who attended Wednesday’s White House meeting at which the report was released.

The meeting included representatives from federal, state and local government; law enforcement; industry; academia; and civil liberty and privacy advocacy groups. Clinton said the fact that the president spoke at the meeting, which was chaired by Cybersecurity Coordinator Howard Schmidt and also included Commerce Secretary Gary Locke and Homeland Security Secretary Janet Napolitano, was encouraging.

“It was a statement of commitment at the highest level to continue to evolve the partnership” between the public and private sectors in securing cyberspace, he said.

The president early on identified cybersecurity as an important issue in his administration and ordered a comprehensive review of executive cybersecurity policy. Delays in releasing the report and difficulty in finding a person to fill the position of cybersecurity coordinator highlighted the challenges of securing the interconnected, critical cyberspace. Repeated reports of breaches and frequent government and private-sector studies continue to point out the vulnerability of information technology systems to penetration.

Among the accomplishments noted in the progress report is the new guidance from the Office and Management and Budget for complying with the Federal Information Security Management Act, which focuses on real-time awareness rather than static assessments.

“This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks,” the report states. “The new approach builds on government and industry best practices that will make our cybersecurity efforts more effective.”

A National Incident Response Plan now is in final draft and will be tested in September as part of the Cyber Storm III exercise. It will be revised based on lessons learned in that exercise. A National Strategy for Trusted Identity in Cyberspace has been released for public comment and is expected to be released in final form by the end of the year. National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, which established CNCI and key cybersecurity roles and responsibilities in government, also are being updated.

Under CNCI, the Trusted Internet Connection initiative is reducing the number if Internet access points in federal networks, and the Einstein program now is providing intrusion detection for 12 of 19 major federal agencies. DHS has established a National Cybersecurity and Communications Integration Center, integrating existing incident response mechanisms into a unified operations center. The department also opened the Industrial Control System – Computer Emergency Response Team facility to address cybersecurity threats to critical infrastructure control systems.

On the legal front, the United States is stepping of law enforcement efforts against hackers and cyber criminals.

“The Secret Service has resolved over 1,100 cases and cracked the Heartland Payment Systems case that compromised over 130 million credit cards,” the report noted. “Albert Gonzalez, a main defendant in that case, was sentenced to 20 years in prison.”

Clinton said he was encouraged that Schmidt spoke of cybersecurity in economic rather than technical terms.

“We have to increase the price for attackers,” Clinton said. “We are thinking of security too much as a technical, operational issue and it’s really an economic issue. We want to focus on why the attacks occur.”

The president and other officials reiterated in the meeting that the administration’s approach to cybersecurity will be based on incentives for cooperation between the public and private sectors rather than on regulation, which was a message that industry representatives were happy to hear.


About the Author

William Jackson is a Maryland-based freelance writer.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group