Cyber-Security Should Not Limit Enterprise Privacy
NEWS ANALYSIS: Cyber-security is a hot-button issue on Capitol Hill right now. And as President Obama unveils his direction going forward, it is enterprise privacy that could take the biggest hit.
President Barack Obama unveiled a cyber-security plan last week that he hopes will ensure the United States is kept secure from cyber-threats going forward. He plans to find a cyber-security coordinator to oversee those efforts.
The cyber-security plan will revolve around a few key initiatives. First off, President Obama wants to establish a framework for incident response, giving government officials and U.S. citizens more guidance in the event of a serious attack. The President also wants to use government resources to spur innovation in the security industry. Obama believes that if the private sector and the public sector work together, the United States could become much safer over time. Following that logic, the President said he wants to increase the number of federal IT workers, while promoting security awareness around the country.
"From now on our digital infrastructure, the networks and computers we depend on every day, will be treated as they should be - as a strategic national asset," Obama said during a press conference last week. "Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient."
It's an interesting comment. The President used two buzzwords, secure and trustworthy, in the same sentence. But in the IT business, security and trustworthiness are not necessarily mutually exclusive. See, the idea of keeping the United States more secure through cyber-security initiatives is great on the surface. It will keep U.S. citizens secure (there's that word again). But will it make the U.S. government trustworthy? And more importantly, will it ensure that the privacy of both consumers and the enterprise is maintained?
There's no way to tell.
Although it was originally proposed April 1 by Sen. Jay Rockefeller and not President Obama, the Cybersecurity Act of 2009 would give President Obama unprecedented control over private networks. If the bill passes, the President could designate private networks as a "critical infrastructure system or network." Once that happens, the President could "declare a cyber-security emergency and order the limitation or shutdown of Internet traffic to and from" that network. The bill also proposes that software companies would need to get government approval on new security applications.
But the biggest problem with the bill is that it would provide the Secretary of Commerce with the authority to access "all relevant data concerning [private] networks without regard to any provision of law, regulation, rule or policy restricting such access." In other words, the company operating the private network wouldn't have any legal recourse if the government decided to swoop in and access any and all "relevant" data on the network.
To assuage security concerns, the bill does feature a caveat, which requires the president to justify his actions "with appropriate civil liberties and privacy protections." Whatever that means.