Washington: Together, we can tackle cybersecurity

Washington: Together, we can tackle cybersecurity

Summary: Following a 60-day review of cybersecurity in the United States, the White House today released details of a short-term action plan, which includes the appointment of a "cybersecurity policy official" - a cybersecurity czar, if you will. (PDF of full report)In a nutshell, the report concluded that the U.

SHARE:

Following a 60-day review of cybersecurity in the United States, the White House today released details of a short-term action plan, which includes the appointment of a "cybersecurity policy official" - a cybersecurity czar, if you will. (PDF of full report)

In a nutshell, the report concluded that the U.S. has dropped the ball in terms of cybersecurity over the past 15 years and now needs to step up its game - on both the homefront and internationally. It's time to start shaking things up.  (Techmeme) From the report:

... federal leadership and accountability for cybersecurity should be strengthened. This approach requires clarifying the cybersecurity-related roles and responsibilities of federal departments and agencies while providing the policy, legal structures, and necessary coordination to empower them to perform their missions. While efforts over the past two years started key programs and made great strides by bridging previously disparate agency missions, they provide an incomplete solution. Moreover, this issue transcends the jurisdictional purview of individual departments and agencies because, although each agency has a unique contribution to make, no single agency has a broad enough perspective or authority to match the sweep of the problem.

Of course, the government can't do this alone either. It's going to take a widespread cooperation between public and private sectors, as well.

The Federal government has the responsibility to protect and defend the country, and all levels of government have the responsibility to ensure the safety and well-being of their citizens. The private sector, however, designs, builds, owns, and operates most of the network infrastructures that support government and private users alike. Industry and governments share the responsibility for the security and reliability of the infrastructure and the transactions that take place on it and should work closely together to address these interdependencies. There are various approaches the Federal government could take to address these challenges, some of which may require changes in law and policy.

Uh-oh. Here it comes:

Private-sector engagement is required to help address the limitations of law enforcement and national security. Current law permits the use of some tools to protect government but not private networks, and vice versa. Industry leaders can help by engaging in enterprise information sharing and account for the corporate risk and the bottom line impacts of data breaches, corporate espionage, and loss or degradation of services. Industry leaders can demand higher assurance from vendors and service providers while taking responsibility to create more secure software and equipment. Businesses need effective means to share detection methods, information about breaches and attack methods, remediation techniques, and forensic capabilities with each other and the Federal government.

So, from the private sector perspective, where's the incentive? Keep reading:

If the risks and consequences can be assigned monetary value, organizations will have greater ability and incentive to address cybersecurity. In particular, the private sector often seeks a business case to justify the resource expenditures needed for integrating information and communications system security into corporate risk management and for engaging partnerships to mitigate collective risk. Government can assist by considering incentive-based legislative or regulatory tools to enhance the value proposition and fostering an environment that facilitates and encourages partnership and information sharing.

Already, the President's plan is getting some support from watchdog groups. The Internet Innovation Alliance, a Washington-based group that's backing the idea of a National Broadband Strategy, commended President Obama for bringing the issue to the forefront. In a statement, the group said:

Serious cyber-crime threats against consumers like phishing, hacking and identity theft persist, while national security challenges to government systems and critical infrastructure threaten our country every day. Overcoming these challenges to encourage widespread broadband Internet adoption requires a concerted effort with the government and private sector working closely together. The cybersecurity report and proposed action plan represent an essential first step toward a most critical goal.

The table below details the short-term action plan recommended by the cybersecurity policy review board.

Topics: Security, Government, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Cisco Chief Security Officer Thoughts on CyberSecurity Report

    President Obama?s Findings of the 60-Day Online Security Review - thoughts from Cisco CSO John Stewart http://bit.ly/T1bgt

    in sum: "I?m excited today because of the focused discussion about online security. This debate, where many different voices from the public and private sectors are given voice and being heard, is a significant step forward. The good news is that more organizations, companies, and nations are working together to determine what is, and is not, acceptable, and providing leading practice guidance for the next generation to work, live, and play safely in the online environment."
    JohnEarnhardt
  • The same way they've handled that economy thing?

    I feel so much better.

    /sarcasm
    Hallowed are the Ori
  • Coming to an ISP near you (soon):

    1. User identifiable logging of internet usage.
    2. Your own Homeland Security widget/plasmoid (of course installed without your consent; or preinstalled)

    Oh wait - they already have the right to do that, thanks to some Executive Orders Mr. Bush signed, at the request of his masters.

    Thank you, Mr Obama, for making 'progress' with these BS plans.

    nizuse
  • Why do I get scared everytime our government says better security?

    Oh yeah, I remember, has nothing to do with security and the outside world, but is all about spying on US citizens...
    No_Ax_to_Grind