U.S. President Barack Obama pledged a new era for the country’s cyber-security efforts today as White House officials pulled the covers off the 60-day review of the government’s cyber-security posture.
The document, available here, calls for anchoring leadership for cyber-security efforts at the White House. To that end, Obama also announced the creation of the cyber-security coordinator, though he did not name who will step into those shoes.
“From now on our digital infrastructure, the networks and computers we depend on everyday, will be treated as they should be – as a strategic national asset,” Obama said at a press conference. “Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.”
The review goes on to talk about building a framework for incident response, encouraging innovation in the security industry, promoting security awareness and building up the federal information technology work force.
Stating that federal responses to cyber incidents have not been unified, the review recommends the federal government develop “a clear and authoritative cyber-incident response framework” documented in a revised Cyber Incident Annex for the National Response Framework. The federal government should also collaborate with state, local and tribal governments and industry to develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning and prioritization of research and development, according to the report.
One of the technologies mentioned specifically in the review is identity management, which the report contends should play an important role in protecting critical infrastructure.
“The federal government-in collaboration with industry and the civil liberties and privacy communities-should build a cyber-security-based identity management vision and strategy for the nation that considers an array of approaches, including privacy-enhancing technologies,” the report states.
Striking that balance between ensuring security and protecting civil liberties will be an area of focus for the government as it goes forward with its plans, Obama said in his remarks.
“The vast majority of our critical information infrastructure in the United Statesis owned and operated by the private sector, so let me be very clear – my administration will not dictate security standards for private companies,” Obama said. “On the contrary we will collaborate with industry to find technology solutions that ensure our security and promote prosperity.”
“Our pursuit of cyber-security will not include, I will repeat, will not include, monitoring private sector networks or Internet traffic,” he continued. “We will preserve and protect the personal privacy and civil liberties that we cherish as Americans.”