Expect changes in U.S. approach to cybersecurity

The U.S. approach to cybersecurity is likely to change significantly under the Obama administration.  Although it’s not clear yet exactly what priorities will be sacrificed to make room for the increased focus, or how the changes will all play out, here are some highlights of recent activities in this area:

• Reports: A recent report highlighted weaknesses in U.S. cybersecurity efforts, and recommended changes to U.S. cybersecurity leadership and policy, including the White House taking over the lead for cybersecurity efforts from DHS.
• Obama Administration: President-elect Obama’s statements during the campaign, and his relationships with the authors of the reports (several of whom are advisors to his campaign), suggest that he’ll probably appoint a “cybersecurity czar” at the White House to coordinate national cybersecurity efforts.  Speculation is rising about who he’ll appoint to the post.
• Congress: Key members of Congress have stated concerns about our lack of preparedness and inability to protect from and respond to cyber attacks.
  • Rep. Dutch Ruppersberger (D-MD), chair of the House Intelligence subcommittee on Technical Intelligence, says billions of dollars need to be invested by both government and the private sector.  Rep. Ruppersberger also supports appointment of a “cybersecurity czar” at the White House.
  • Rep. James Langevin (D-RI), chair of the House Homeland Security subcommittee on Cybersecurity, said “We’re way behind where we need to be now.”  Rep. Langevin has also called for leadership of cybersecurity efforts to be removed from DHS, and for increases in our offensive cyber warfare capabilities to use as a deterrent (much as our offensive conventional and nuclear capabilities are used as a deterrents to conventional and WMD attacks).
• DHS: Although DHS Secretary Michael Chertoff agrees we have significant vulnerabilities, he cautions against changing leadershipof cybersecurity efforts at this stage.  But incoming Secretary Janet Napolitano may have a different view, especially if changes are supported by President-elect Obama.
• Front-Line Stakeholders: Many key participants in a recent cyberwar simulation exercise reported that we’re not prepared for a real cyberwar.
• Recent Precedents: Cyber attacks aimed at Estonia earliet this year, and aimed at Georgia during the recent conflict between Russia and Georgia in South Ossetia underscored both the likelihood and effectiveness of cyber-attacks during a conflict of any kind.  These attacks were effective, even though they are widely believed to have come from non-state actors (Russian sympathizers).

Summary:

With agreement about our vulnerability all the way from the front line to Congress and the White House, expect some major changes in both leadership and policy.  Increases in funding should also be expected, though whether funding comes as new expenditures or shifting of funding from other areas remains to be seen.

For more information:

• Commission on Cybersecurity for the 44th Presidency
• Report: Securing Cyberspace for the 44th Presidency
• Report offers warnings and recommendations for cybersecurity
• Chertoff urges caution on potential of new cybersecurity laws
• U.S. not ready for cyber attack
• U.S. urged to go on offensive in cyber war
• DHS Rebuttal: Getting the facts straight on cybersecurity

Report offers warning and recommendations on cybersecurity

From The Providence Journal:

The Center for Strategic and International Studies (CSIS), a Washington-based think tank that specializes in national security issues, on December 8th released a year-long study of how the Obama administration can fight threats to the security of the nation’s computer systems — private as well as public.

The report, titled Securing Cyberspace for the 44th Presidency, is intended to draw attention to computer hacking, the theft of electronic information and related dangers of the Internet Age. It may also spark controversy with such suggestions as making the White House the center of a national “cyber security” effort.

“This is not some hypothetical catastrophe,” James A. Lewis, the chief of the study commission, said in a preview of the report on cyber security in September. “We are under attack and taking damage,” said Lewis.

CSIS assembled the 55-member commission that produced the report after more than a dozen secret meetings and several public ones that took testimony from scores of experts on computer technology, the Internet, information security and related fields.

• Full story
• Full report

Cybersecurity report & recommendations due in November

The Commission on Cyber Security for the 44th Presidency, recently gave a “sneak peak” of some of their recommendations to a House homeland security subcommittee.  DHS has rejected many of the recommendations offered during the hearings (see also this post by Robert D. Jamison, DHS Under Secretary National Protection & Programs – look down the page for the post on Sept 20).

[UPDATE: Members of the subcommittee take up the recommendations from the Commission and urge the U.S. to go on offensive in cyberwar]

[Update 10/16: Robert Jamison, DHS Undersecretary of the National Protection and Programs Directorate rebuts a GCN editorial on this subject]

The Commission is scheduled to release the final report and recommendations in November (1 year after it was formed).

See Also:

• Comprehensive National Cyber Initiative (CNCI)