President Obama's recent announcement unveiling a protection plan for the nation's digital infrastructure and a new federal cyber coordinator position was met with both praise and criticism from information security experts.
While some said the goals are necessary steps, others are curious to see what action will support the talk.
“This is not something you can change overnight, but it had to start somewhere,” said Jeff Moss, founder of the Black Hat and DEFCON conferences. He said that securing the nation's infrastructure will be a daunting task because the government is using a lot of old technology that works, but isn't secure.
Bruce Schneier, chief security technology officer at BT, is optimistic about what Obama said, but thinks the speech sounded similar to one given by President Bush. “What matters is what's done,” Schneier said.
As part of the plan, the government will expand partnerships between the public and private sector, and invest in research and innovation. In addition, a federal cyber coordinator will be appointed to oversee government cybersecurity initiatives, Obama said in late May.
John Prisco, CEO of Triumfant, provider of compliance management, said he was disappointed that the cyber coordinator was not immediately named – even though the review was delivered to the administration a month before it was released to the public. In addition, Prisco said, “It doesn't appear the [cyber coordinator] position will have enough power to get the job done.”
He believes the cyber coordinator must have oversight covering the various agencies involved in federal cybersecurity initiatives, such as the U.S. Department of Homeland Security and the National Security Agency, and that the coordinator must directly report to the president.
Similarly, Schneier says past examples have proven that if White House “czars” don't have budgetary authority, they are reduced to “cheerleaders.”
Note: As of publication date, President Obama had not yet announced a cyber coordinator.