Positive reactions from the security industry are coming in response to President Obama’s decision to set up a high-level cybersecurity coordinator within the federal government.
Obama said the coordinator — pointedly not named czar, which sounds dictatorial — would lead an effort to beef up both defensive and offensive cybersecurity capabilities. The coordinator would not take over the cybersecurity role, but rather facilitate different parts of the government, such as the FBI or the National Security Agency, to work together to make government spending on the issue to be more effective. The proposal was accompanied by a report on cybersecurity.
Obama said that the cybersecurity coordinator would report to both the National Security Council and the National Economic Council. As such, it is not a cabinet-level appointment. Obama said he would appoint someone soon.
Jeff Moss, organizer of the Black Hat series of hacker/security conferences, said that the swift action coming so early in the Obama presidency means that there is more high-level attention being paid to the problems of computer security than in the past. Moss has felt that issue has festered for as long as seven years, since most efforts in the past were solely focused on counter-terrorism.
He noted that even though Obama did not make the position a cabinet-level post that reports directly to the President, the White House involvement would elevate the issue’s importance. But Moss said there are plenty of issues to be worked out. In some ways, government involvement in protecting networks means that there will likely have to be more monitoring of networks, Moss said. But Obama said that the cybersecurity effort would not trample on privacy and individual rights. That sounds like a contradiction to Moss.
In the announcement, Obama proposed that an independent privacy and civil liberties officer be appointed to assess whether any security efforts represent a threat to U.S. citizens. The subtext is the officer will watch out for issues such as the warrantless wiretapping under the Bush administration.
Just how far to go in pursuing criminals is just one of the many issues that government would have to address further. Moss said that other nations such as China are likely ahead of the U.S. in developing offensive uses of cyber warfare. He said the U.S. should catch up, if only to create a deterrent against others. But it would be very nasty if any of the cyber warfare technology created by the government leaked out and was used against U.S. civilians.
The Center for Democracy and Technology, a tech lobbying group, echoed that concern and said that protecting privacy should be a priority, particularly as agencies share information about dealing with cyber threats. The Electronic Frontier Foundation also chimed in with its own concerns about privacy.
“Today marks the beginning of a new era of White House leadership in cybersecurity,” said Phyllis Schneck, vice president at security software vendor McAfee who has worked with the government on cybersecurity. “Cyberthreats are very real, ongoing, and very dangerous.”
Likewise, Tiffany Jones, director of government relations for Symantec, said in an interview that the company is happy with the overall approach of the Obama administration. She noted it was the first time any U.S. President had placed cybersecurity so high on the national agenda, tying it both to infrastructure safety and economic security.
She said it would be important to educate everyone, including Internet-browsing kids, about the threats they should watch out for. She also said it would be important for the U.S. to work together with others to eliminate safe havens for cybercriminals in foreign countries. Jones said it remains to be seen as to whether there will be resources and funding made available to deal with cybercrime.
“The role of the coordinator is going to be absolutely crucial in the success of this,” Jones said.