Obama security review gets mixed reception

Not shovel-ready after all.

By Grant Gross, IDG News Service
Published: 14:53 GMT, 02 June 09

US President Barack Obama's new cybersecurity report is short on details and creates a federal coordinator position that may have limited power, some cybersecurity experts have said.

The new cybersecurity coordinator will report both to the US National Security Council and the National Economic Council, raising concerns that whomever Obama names will have split priorities, said Stewart Baker, a partner in the Steptoe & Johnson law firm and a former assistant director for policy in the US Department of Homeland Security.

"That is not an indication that this office will be given large amounts of authority," said Baker, who served at DHS during former President George Bush's administration.

While many initial reactions to the release of the Obama administration report were positive, speakers at a Congressional Internet Caucus event Monday raised some concerns, particularly that the report is short on details.

The report, released Friday, calls for the US government to develop a national cybersecurity strategy in addition to the appointment of a federal cybersecurity coordinator. Obama also said cybersecurity would become a key management priority at the White House, and the report recommends a new cybersecurity incident response plan that involves both the US government and the private sector.

Several panellists praised Obama for focusing presidential attention on a growing cybersecurity problem. "I practically wept with joy when the president said that cybersecurity would be a strategic national asset," said James Lewis, senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, a Washington, D.C., think tank.

While the goals in the report are worthwhile, it took the Obama administration longer than promised to deliver it, he said. While the report and accompanying Obama speech were "really strong," the Obama administration will have to develop metrics to measure cybersecurity success and will have to prove it's doing more than Bush's administration did, Lewis said.

Lewis and other panellists pointed out that this is the fourth major presidential announcement on cybersecurity in the past dozen years, with former plans meeting limited success. Bush's national cybersecurity plan, released in 2003, received attention for about six months, and "then it sat on a shelf," said Marcus Sachs, executive director of government affairs for national security policy at Verizon. "It was no longer a priority."

Still, Sachs and Robert Holleyman, president and CEO of the Business Software Alliance, praised Obama for moving the cybersecurity debate forward. "The nature of the threat is growing so substantially that it was important to undertake this review," Holleyman said.

The Obama plan seems headed in the right direction, added Gregory Nojeim, senior counsel at the Center for Democracy and Technology. Friday's report stresses that cybersecurity must not infringe on US residents' privacy, and it recommends the cybersecurity coordinator's office includes a chief privacy officer.

"They seem to be interested in having privacy baked into the solution," Nojeim.

Baker and other panellists said the new coordinator's position will be difficult, as the coordinator will have to rein in cybersecurity efforts at multiple agencies and work with the private sector as well. With such a wide area of responsibility, the first coordinator could easily fail, Baker said.

But with growing reports of sophisticated cybersecurity breaches, the US government needs to take action, Baker added. "This could not be more urgent," he said. "We have to do something, and we have to do it very quickly."

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Add your commentComments

Rickie Tickie | Published: 13:06 GMT, 03 June 2009

What did you expect? "This could not be more urgent. We have to do something, and we have to do it very quickly." - How's that 'bailout thing' working for you sunshine? The modus operandi of this administration appears to be "Ready, shoot, aim!"

Related Security news

Microsoft denies building security 'backdoor' in Windows 7

Privacy organisations shouldn't read too much into NSA involvement it says

20 November 2009

Pentagon expands exclusive deal with McAfee

Department of Defense uses McAfee products

Police arrest pair over global banking web scam

Man and woman arrested in Manchester for using notorious Zeus Trojan

Security star Fortinet sets price for IPO

Investors still have taste for tech.

Related Security reviews

Lumension application control review

Bit9 Parity Suite

BitDefender Total Security 2008

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Service-oriented security

SOA has become an integral part of enterprise software by providing a framework to efficiently develop software as services that is easily sharable, reusable, and integrated. No where is the need more apparent than in the Identity Management space. Welcome to the age of Service-Oriented Security (SOS).

Download Whitepaper

Data protection prospective vendor checklist

Organisations need a way to map business needs against all these challenges in procuring a technical solution. To help, SANS has developed the following Prospective Vendor Checklist.

Download Whitepaper

Unlock the power of the mainframe

This whitepaper presents the notion of CICS as an integration hub based on a component-based, service-oriented architecture supporting Web services. Highlights will review the challenges and contrasted support for Web services natively in CICS.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
BMC

Ride the express lane in the journey to speed ITIL adoption

Explore the challenges in making the journey to ITIL and the criteria for selecting consulting services
By following ITIL practices, your IT organisation will become more closely integrated with the business. We recommend making the journey to ITIL in a sequence of six incremental steps, the phases of which are driven through execution of a strategic transformational roadmap.

Download white paper

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *