Many experts are optimistic that the Obama administration will take positive measures in cybersecurity, reports Angela Moscaritolo.President-elect Barack Obama got the attention of those in the information security world when he spoke this summer at Purdue University. It was July 16, 2008 and Obama was on the campaign trail at the Summit on Confronting New Threats.
“As president, I'll make cybersecurity the top priority that it should be in the 21st century,” Obama said.
Obama pointed out that our country's system of information networks are the backbone of our economy – important to every American. This speech became well-known within the cyber-community, and because of Obama's recognition of the importance of the issue, those in the field are optimistic about developments to information security under the next administration.
“It was the first time I'm aware of that any presidential candidate has spoken directly and precisely to the evolving nature of cybercrime and specific steps that would be taken to address that,” says Robert Holleyman (right), president and chief executive officer of Business Software Alliance.
As Obama continued his speech at Purdue, he outlined a plan to improve cybersecurity. He said he would bring together government, industry and academia to determine how to guard the nation's cyber infrastructure, coordinate efforts across the federal government, implement a national cybersecurity policy and tighten standards to secure information.
“We need to build the capacity to identify, isolate and respond to any cyberattack,” Obama continued. “And we need to develop new standards for the cybersecurity that protects our most important infrastructure.”
One of the most notable points that security professionals point to in Obama's Purdue speech was the creation of a new position, National Cyber Advisor, that will report directly to him.
If Obama makes good on his statements, the person appointed to this new position will have an enormous responsibility to advise the president on the changing nature of cyberthreats and how cybersecurity affects national security and the broader infrastructure. The president will need to select someone with a broad view of cybersecurity – equipped with the technical skills, but also someone who can convey the bigger picture and help educate others on why cybersecurity matters, Holleyman says.
Having a cabinet level position around cybersecurity is critical to raising the issue to the main stage and helping policymakers comprehend its importance, says Tom Kellermann (left), vice president of security awareness at Core Security. He is also a member of the Commission on Cybersecurity for the 44th Presidency, established by the Center for Strategic and International Studies (CSIS) to develop recommendations to improve cybersecurity.
“It's elevating the issue to the upper echelons of power,” Kellermann says.
Amit Yoran, CEO of NetWitness and also a member of the Cyber Security Commission for the 44th Presidency, says there has been an increased emphasis on cybersecurity under the Bush administration's current National Cybersecurity Initiative, which is a largely classified effort under the Director of National Intelligence (DNI).
Once the presidency changes hands, the Obama administration will look at the current program and determine how it will evolve.
Things have started to move in a favorable direction from a government and policy perspective, and now there's an opportunity to seize the momentum and make some adjustments. Yoran specifically sees an opportunity to declassify some cybersecurity programs and initiatives so the government can more easily collaborate with the private sector.
“When information remains classified, the government's ability to work with the private sector is really hampered,” Yoran (right) says.
An increased public/private partnership will assist in the development of more reliable and secure technologies, products that deliver a higher level of information security to the U.S. and the world and a better informed government, Yoran says.
“It's really a relationship where both parties and the nation can benefit,” Yoran says. “To date, there is still ill-defined interaction between the two that's caused a lack of a meaningful benefit to both parties.”
Jody Westby (left), CEO of Global Cyber Risk LLC, agrees there will be a renewed emphasis on cybersecurity under the Obama administration.
“There needs to be some real federal action and leadership,” Westby says. “This is an easy win for Obama.”
What can be expected? Westby says a new office devoted to cybersecurity outside of the DHS, an increased focus in securing government systems, increased emphasis on cyberwarfare capabilities, and increased funding for research and development. On the hill, Westby is hopeful to see legislation such as a national identity theft bill.
“I think he will listen carefully to people in the industry, such as the Commission [on Cybersecurity for the 44th Presidency],” Westby says.
The Obama administration will be coming in with knowledge that cybersecurity is going to be a priority in all aspects of what they do, says Dan Lohrmann, chief information security officer for the state of Michigan.
It's going to be an imperative to wrap cybersecurity around other issues. Obama's plan around health care, for example, calls for moving toward electronic information systems and health records. In order to do this, there will need to be more security around those records, Lohrmann says.
Because of Obama's commitment to cybersecurity, Lohrmann (right) says that in the long run there will be an increased focus on enabling trust on the internet, a wider societal awareness of the importance of cybersecurity, new innovative technologies and cyberstrategies, and new mandates and regulations.
Westby sees similar improvements to cybersecurity under the Obama administration. She sees the country ending up with greater coordination and preparedness for attacks from rogue actors, terrorists or nation states, improved security of government systems and improved coordination within government.
“We will see the U.S. once again asserting international leadership in the cybersecurity area,” Westby says “Federal legislation will make it easier for privacy rights to be enforced and to be complied with. All of that will result in improved national and economic security.”