WASHINGTON -- President Barack Obama said Friday the nation's digital infrastructure is under near constant attack and confirmed he will create a White House office for cybersecurity, but offered few details of his strategy to counter threats to U.S. data systems.
Mr. Obama convened government officials and corporate executives at the White House for a formal announcement of his decision to name a cybersecurity czar, who will effectively serve two masters. The official will be on the staff of both the National Security Council and the National Economic Council.
The threat from hackers to critical data systems is among the "most serious economic and national-security challenges" facing the U.S. today, Mr. Obama said.
Mr. Obama revealed the computers used by his own general-election campaign were penetrated between last August and October, with hackers accessing "emails and a range of campaign files, from policy position papers to travel plans."
Mr. Obama said he will personally pick the new cyber chief, in recognition "of the critical importance" of the job. But he didn't say who would get the post.
Mr. Obama compared the failure to invest in digital infrastructure with a lack of investments in roads and bridges. But he offered few details about what he would do to change that landscape, beyond promising to develop and adopt what he called a "comprehensive strategy to secure America's information and communications networks."
Mr. Obama said the government "will not dictate security standards for private companies," but instead "will collaborate with industry to find technology solutions that ensure our security and promote prosperity." He also said he would invest in what he called "cutting-edge research and development" and an awareness campaign.
Dale Meyerrose, former chief information officer for the U.S. Director of National Intelligence and currently a vice president of Harris Corp., a communications and technology company, said one important challenge will be finding a way to persuade private companies, especially those in price-sensitive industries, to invest more money in digital security. "You have to figure out what motivates folks," he said.
Art Coviello, president of security technology specialist RSA, part of EMC Corp., said technology companies will embrace better security as a way to help their businesses expand online, but not all industries will be so eager. "At the other end of the spectrum are companies that view any encumbrances as a tax and will be negative and cynical for whatever reason," he said.
Mr. Obama sought to ease concerns among civil libertarians, pledging that the new effort will not include additional monitoring of private-sector networks or Internet traffic. He said he would appoint a privacy officer to protect the public's interests.
Government officials have been growing increasingly concerned with attacks against computers tied to the national defense network and critical national infrastructure, including the nation's electrical grids and its air-traffic control system. Attacks against private citizens are also rising sharply.
The U.S. president has announced a comprehensive cybersecurity strategy for the federal government, saying Internet-based threats have risen "dramatically" and the country "must act to reduce our vulnerabilities."
A 76-page White House document calls for a new way of looking at Internet and computer security, saying that private-public partnerships are necessary, collaboration with international organizations will be vital, and privacy and civil liberties must be respected in the process.
Sound familiar? The year was 2003, and the president was George W. Bush, who wrote the introduction to what he called a "National Strategy to Secure Cyberspace."
On Friday, President Obama announced his 76-page "Cyberspace Policy Review"--with precisely the same number of pages as his predecessor's--at an event at the White House.
While the Bush document discusses centralizing cybersecurity responsibilities in the Department of Homeland Security and the Obama document shifts them to the White House, the two reports are remarkably similar. Perhaps this should be no surprise: Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an Bush-era "Cyber Task Force," to conduct the review.
To test your political acumen, we've taken excerpts from both and placed them side by side in the following chart. Can you tell which quotations come from which administration? (An answer key is at the end.)
| #1: Privacy and civil liberties | "The United States needs a partnership between government and industry to perform analyses, issue warnings, and coordinate response efforts. Privacy and civil liberties must be protected in the process." | "Work with the private sector to explore how best to apply technical capabilities to the defense of the national infrastructure and what legal framework would be required to ensure the protection of privacy rights and civil liberties." |
|---|---|---|
| #2: Sophisticated attacks | "The attack tools and methodologies are becoming widely available, and the technical capability and sophistication of users bent on causing havoc or disruption is improving." | "The growing sophistication and breadth of criminal activity, along with the harm already caused by cyber incidents, highlight the potential for malicious activity in cyberspace to affect U.S. competitiveness." |
| #3: Public-Private partnerships | "The federal government invites the creation of, and participation in, public-private partnerships...The government will continue to support the development of public-private partnerships." | "The federal government should examine existing public-private partnerships to optimize their capacity to identify priorities and enable efficient execution of concrete actions." |
| #4: Crisis responses | "Providing crisis management in response to attacks on critical information systems...In wartime or crisis, adversaries may seek to intimidate by attacking critical infrastructures and key economic functions or eroding public confidence in information systems response." | "The Federal government's obligation to protect the American people and to provide for the common defense includes a responsibility to ensure that the Nation can communicate and respond in times of crisis. The communications system itself might bear the brunt of such events and must have resilience or the capability to recover." |
| #5: Coordination | "The United States must improve interagency coordination between law enforcement, national security,and defense agencies involving cyber-based attacks and espionage..." | "The United States (must) achieve a more reliable, resilient, and trustworthy digital infrastructure for the future.... It presents the need for greater coordination and integrated development of policy." |
| #6: Critical infrastructure | "Our nation's critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance..." | "They have also become essential elements in the operation and management of a range of critical infrastructure functions, including transportation systems, shipping, the electric power grid, oil and gas pipelines, nuclear plants, water systems, critical manufacturing, and many others." |
| #7: Terrorists | "Malicious actors in cyberspace can take many forms including individuals, criminal cartels, terrorists, or nation states...The speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult." | "A growing array of state and non-state actors such as terrorists and international criminal groups are targeting U.S. citizens, commerce, critical infrastructure, and government...Exploitation of information networks and the compromise of sensitive data...leave the United States vulnerable." |
| #8: International cooperation | "Enabling our ability to do so requires a system of international cooperation to facilitate information sharing, reduce vulnerabilities, and deter malicious actors." | "Only by working with international partners can the United States best address these challenges, enhance cybersecurity, and reap the full benefits of the digital age." |
| #9: International organizations | "We are also ready to utilize government-sponsored organizations such as the Organization of Economic Cooperation and Development (OECD), G-8,the Asia Pacific Economic Cooperation forum (APEC), and the Organization of American States (OAS), and other relevant organizations to facilitate global coordination on cybersecurity." | "More than a dozen international organizations including...the Group of Eight, NATO, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the Organization of American States, the Organization for Economic Cooperation and Development...address issues concerning the information and communications infrastructure." |
| #10: Catastrophic attacks | "Providing continuity of government requires ensuring the safety of its own cyber infrastructure and those assets required for supporting its essential missions and services." | "The Federal government's obligation to protect the American people and to provide for the common defense includes a responsibility to ensure that the Nation can communicate and respond in times of crisis." |
Answer key: All of the excerpts from the left column are taken from Bush's National Strategy document from February 2003. The right column represents excerpts from Obama's Cyberspace Policy Review document from May 2009
No comments:
Post a Comment