White House doesn't shine in cybersecurity grading

National Security Cyberspace Institute releases cybersecurity report card

The Obama administration has received less-than-stellar marks in a recent report card on its cybersecurity policies, earning grades in the B to D range.  

The National Security Cyberspace Institute examined the administration’s record of cybersecurity accomplishments in a white paper published Jan. 18.

NSCI awarded grades for progress against 10 near-term recommendations included in the White House’s 60-day Cyberspace Policy Review released in 2009.


Related story:

DISA creates 'demilitarized zone' for unclassified network


“We awarded grades solely on our view of actual progress – not on good intentions, flowery rhetoric, the number of meetings held, commissions commissioned, or number of times administration officials have mentioned the word ‘cyber,’ ” NSCI wrote.

None of the White House’s near-term action items received an A, for full implementation, or an F, for no progress shown.

NSCI gave the administration a B for designating cybersecurity as one of the president’s key management priorities and establishing performance metrics, noting its recently announced update to the Federal Information Security Management Act. The update shifts the focus from paper-based compliance reports to real-time monitoring of federal networks, according to the institute.

“The change in approach provides for faster identification and response to vulnerabilities,” the white paper states. “The administration believes the new approach builds on best practices from both government and industry, thus making our cybersecurity efforts more effective.”

NSCI also gave the administration a B for a lack of substantial progress in conducting interagency legal analyses of priority cybersecurity-related issues and formulating coherent policy guidance that clarifies the roles, responsibilities and application of agency authorities for cybersecurity-related activities across the federal government.

The administration received a D for the months of delay in appointing Howard Schmidt to the cybersecurity coordinator position, as well as another D for failing to release an updated national strategy to secure the information and communications infrastructure.

NSCI further chose to give the administration a B for continuing the dialogue on international cybersecurity agreements. But the White House earned a C for moving too slowly in preparing a cybersecurity incident response plan and enhancing public-private partnerships.

“In September 2010, the Department of Homeland Security released an interim version of a National Cyber Incident Response Plan, a mere 16 months after President Obama’s declaration of cybersecurity as a top administration priority,” NSCI wrote. “That’s hardly a fast-track agenda.”

The White House also scored a C for not living up to its responsibility to coordinate a national cybersecurity research and development agenda, according to the white paper.

 
 

About the Author

Alyah Khan is a staff writer covering IT policy.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.