Industry reacts to Obama's cybersecurity speech
The cybersecurity industry was abuzz Friday after President Obama, speaking before public and private sector leaders, announced a federal “cyber coordinator” will be appointed and unveiled a five-part digital infrastructure protection plan for the country.“All in all, it's kind of exciting," Jeff Moss, founder of the Black Hat and DEFCON hacker conferences, told SCMagazineUS.com on Friday. "This is the most amount of activity we are seeing in this area."
Most observers praised Obama's decision to create a White House cyber coordinator, which has been a topic of much speculation and debate in recent months.
“This position has been long overdue,” Mandeep Khera, CMO for web application security firm Cenzic, said in a statement. “It's great to see the commitment that President Obama has given to cybersecurity.”
He said the appointee will be charged with developing a plan of action that will engage both the public and private sector, while protecting civil liberties.
The ideal candidate for the cyber coordinator position will possess strong technical and organizational skills, said Randy Abrams, director of technical education at security firm ESET. This person also will have to be an effective communicator and work aggressively with counterparts in the federal government to improve information security within agency systems and on critical infrastructure, said Shannon Kellogg, director of information security policy at EMC and a member of the Center for Strategic and International Studies Commission on Cybersecurity for the 44th Presidency, which last year provided a report to Obama with recommendations for securing cyberspace.
Many security experts also applauded the administration's release of its 60-day federal cybersecurity review -- which coincided with Obama's speech. Some praised the report, while others believed it missed the mark.
"The administration's report is a culmination of the most focused and thorough discussion about the security of the nation's online infrastructure," Cisco CSO John Stewart, who attended the White House press conference Friday, said in a statement.
Rep. Bennie G. Thompson, D-Miss., chairman of the Committee on Homeland Security, applauded the administration's completion of the review and called the establishment of a White House office to coordinate cybercrime initiatives a "milestone."
“This is a thoughtful review and I agree with many of its findings,” Thompson said. “Now is the time for action.”
Others, though, said that there was room for improvement in certain areas.
Chris Schwartzbauer, vice president of sales and marketing at patch management provider Shavlik Technologies, said Obama referred to the cyberthreats facing the nation but did not focus enough on their nature.
“The more information we get about where threats are coming from will help us better defend against them,” Schwartzbauer said.
Forrester senior analyst Andrew Jaquith said in a blog post Friday that certain areas of the report could have been improved. Specifically, the review places too much faith in consumer education to help deter fraud and identity theft.
“Consumers know very well that the internet is a dangerous place, full of predators and identity thieves,” Jaquith wrote. “The government should instead be asking, why is the information that consumers have on their PCs so valuable [to criminals]? And what can the government do to move authentication beyond the broken password paradigm most users follow today?”
Jaquith told SCMagazineUS.com on Friday that he believes the report should have recommended that the United States make the government a trusted source for national digital identities, as many European countries have done. Also, the report should have noted more urgency in securing the nation's critical infrastructure.
