President Obama issues his long-awaited cyber-security plan to near unanimous praise from the technology industry, not unlike the industry's cheers that greeted former President Bush's 2003 National Strategy to Secure Cyberspace, which has done little to secure the nation's networks. The difference this time? Industry executives claims it is Obama himself.
WASHINGTON—In 2003, then
President Bush, with input from government agencies, the private sector,
academia and the military, issued the National Strategy to Secure Cyberspace to
rave reviews and gushing praise from the IT industry. The plan set guidelines,
avoided mandates and promised a vaguely defined cyber czar. If anything, cyber-security
declined.
On May 29, President Obama issued his own Cyberspace Policy review after input
from virtually every federal agency and security trade group, promising guidance
over mandates. A vaguely defined cyber czar, though now called a cyber coordinator,
will oversee Obama's cyber-security plan. The technology sector wasted no time
in praising the effort.
As the eminent philosopher Yogi Berra once said, "It's like deja vu all
over again."
But executives from Symantec, PGP, RSA, Lockheed Martin, IBM and TechGuard all claimed it will
be different this time. At a press conference a few blocks from the White House
following Obama's late morning
televised event, the executives, most of whom attended Obama's speech,
gathered under the auspices of TechAmerica, one of the capitol's top tech trade
organizations.
TechAmerica President Phil Bond called Obama's speech a "remarkable
event." Enrique Salem, Symantec's CEO, hailed a new era of cyber-security
and vowed, "We will not fall back ... like before," while Suzanne
Magree, president and CEO of TechGuard Security, said that Obama's cyber-security
initiative, "coming so early in his first term, bodes well." IBM Chief Privacy Officer Harriet
Pearson added, "Starting today, we're all security companies."
Of course, much the same things were said of Bush's cyber-security plans.
What's the difference between 2003 and today? Most of the executives seem to
agree it was Obama's very public commitment. Bush didn't televise his cyber-security
plan and often went long stretches of time without even mentioning it.
"Because of the critical importance of this work, I will personally select
this official," Obama said of his cyber-security coordinator. "I'll
depend on this official in all matters relating to cyber-security, and this
official will have my full support and regular access to me as we confront
these challenges. To ensure accountability in federal agencies, cyber-security
will be designated as one of my key management priorities. Clear
milestones and performances metrics will measure progress."
"Politically, he [Obama] put a lot of chips on the table," Bond said.
Salem said the Bush administration
"started us on this path, but Obama has put cyber-security on his personal
agenda, and he said he would personally track progress."
PGP CEO Phil Dunkelberger pointed to
Obama's "force of will and unity."
Perhaps the biggest difference between the Bush plan and Obama's new cyber-security
initiative is the issue of privacy. IBM's
Pearson stated, "This administration has made a commitment to protect
civil liberties."
Even the Center for Democracy & Technology, a fierce watchdog group,
praised Obama's speech.
"It's clear that the White House review team was committed to building
privacy into these cyber-security policy recommendations from the beginning of
the process," CDT President and CEO
Leslie Harris said in one of the dozens of statements flooding e-mail boxes
after Obama's speech. "Further, we are greatly encouraged by the administration's
strong commitment to develop its cyber-security privacy policies in a
collaborative manner with those in the private sector."
Despite all the praise, the road ahead will be a difficult one.
"The White House going public is very important, but Congress has a role
to play," said Shannon Kellogg, RSA’s
director of government affairs and chairman of Tech America’s
Information Security Committee. "Giving him the tools he needs is when the
tough part begins. It's unacceptable that FISMA has not been updated. We need
to update the legal framework we all have to work under."
One of the more formidable fights ahead on Capitol Hill will be dealing with
Sen. John D. Rockefeller's proposed Cybersecurity Act of 2009, which would
clarify the president's authority to protect public and private systems in the
face of an attack or imminent high-level threat to national security,
comparable to the way that Bush exercised his authority on Sept. 11, 2001, to
temporarily ground all aircraft in U.S. airspace.
"What is omitted from this report is as significant as what is included in
it," the Center for Democracy & Technology said in a review of Obama's
plan. "While the report recommends a stronger cyber-security role for the
White House, it does not propose that the president be given the power to limit
or shut down Internet traffic to a critical infrastructure information system."
(Sponsor)
(Sponsor)
(Sponsor)
