US President Obama calls for stronger Cyber Security laws


Today, US President Obama called for stronger Cyber Security laws. It is interesting to note that the theme used today emphasizes an action I called for in my paper (and later blog entry) ‘A Strategy To Secure The Federal Cyberspace’ … back in 2009.

The call by the President stated:

…Yet, there are core challenges that remain in our work to strengthen America’s cybersecurity:

The problem is that government and the private sector are still not always working as closely together as we should. Sometimes it’s still too hard for government to share threat information with companies. Sometimes it’s still too hard for companies to share information about cyber threats with the government. There are legal issues involved and liability issues. Sometimes, companies are reluctant to reveal their vulnerabilities or admit publicly that they have been hacked. At the same time, the American people have a legitimate interest in making sure that government is not potentially abusing information that it’s received from the private sector.

In my original work, I stated in the opening paragraphs:

…that the leadership to form and coordinate the right combination of public and private partnership and a sense of common mission are essential to the task.

In fact, much of my call focused on the specific nature that such common mission must take:

One point that I would like to make clear: Government-Private sector cooperation will have to be a two-way street. The government must lead and contribute, and the private sector must respond in kind…

Today, various factors, including privacy concerns, potential liabilities, the rights of discovery, and even the US anti-collusion laws, hamper the possibilities of functional and efficient Government-Private Sector collaboration. This is exactly the reason why Congress must act to shield certain types of action and protect the participants.

In 2009, I recommended this cooperation as one of the three major tenets of my paper. I further broke it down into two specific action items, the second of which, Task 7, is today’s call from the President:

Task 6: Create an Official advisory board of industry and government luminaries to advise the Chief Information Security Officer in his or her duties.

and

Task 7: Recommend legislative changes, where needed, to allow utilization of public capabilities to test and enhance defenses of sensitive industries.

I think we may be on the right track :)

Talking Points: A STRATEGY TO SECURE THE FEDERAL CYBERSPACE

This entry is part of a wonderful series, "Cyberczar". Entries in this series:
  1. A Strategy to Secure the Federal Cyberspace
  2. President Obama Announces a "Cyber Czar"
  3. Talking Points: A STRATEGY TO SECURE THE FEDERAL CYBERSPACE

So, some people asked me to compare my suggestions to the President’s Plan.  Here is a little table.


The Goal:   “make the federal government a model in cyber security.”

| # | My suggestion | In the President's Plan | Notes |
|---|---------------|-------------------------|-------|
| 1 | Cybersecurity is a Strategic Priority for the United States | Y | |
| 2 | Create a CISO position within the office of the President | ½ | The level is below my recommendation, but just. |
| 3 | Tie the role to all agencies | Y | |
| 4 | Allocate budget to the Office | X | Not (yet) done |
| 5 | Private / Public Collaboration | Y | |
| 6 | Information Sharing | Y | Yes, by mentioning the legislative changes |
| 7 | Directed Research | Y | Specifically mentioning Academe |
| 8 | Timeline | | Was not mentioned, understood to be a tactical, rather than strategic, issue |

As you can see, there is very strong affinity between the two plans.   Of course, without a budget, the efficacy of anyone in this position will be very limited…