My take on President Obama’s CyberSecurity initiative
Last Friday, President Obama presented his conclusions on the report he commissioned some weeks after entering the White House about cyber-security in the United States. This review, coordinated by Melissa Hathaway, focused on understanding the efforts made until now by the federal government to protect the information and communication infrastructure in the United States, and to present recommendations to protect these networks and guarantee prosperity in the country. You can see a video of Obama’s speech, and the transcript. The complete report is also available.
For those of us involved in IT security, there was nothing really new in the President’s speech, nor in the report itself. However, it is possible to detect a transcendental change since May 29, 2009: President Obama, has clearly and firmly warned American society (and by extension the rest of the world) of the need to take coordinated action to protect cyber infrastructure and the activity it supports against the growing threats of cyber-crime and cyber-terrorism. This, from my point of view, represents a turning point. At the following links you will find the view that some of the analysts I regularly follow have taken on this announcement: Bruce Schneier, Byron Acohido, Wall Street Journal, USA Today and Brian Krebs.
No longer is it just companies in the IT security sector (whose perspective could be perceived to be driven by business interests) that are leading the calls to combat this scourge. The Obama administration has now joined the drive to promote awareness which the industry has been involved in for years. I wouldn’t say that the efforts made by public authorities in various countries until now have been completely invalid, but I would say that they could have been better.
The actions announced by President Obama come into five broad areas:
-
Establishing clear leadership in cyber-security issues, with an adequate structure to review laws and policies and improve accountability of federal, state and local administration in the USA.
-
Developing an environment that facilitates a coordinated response from government, private entities and allies to any cyber-security event that requires it.
-
Strengthening collaboration between the American government and its allies as well as with the private sector (which is actually responsible for most critical network infrastructure). All of this, without dictating security standards, rather collaborating to implement measures to improve security and ensure prosperity.
-
Increasing investment in innovation and development to ensure that it meets predicted future requirements.
-
Starting a social awareness campaign which not only informs the public of the risks, but which is also designed to prepare people to work and innovate in technologies that will be developed throughout the 21st century.
I fully agree with the direction of the proposed actions, not just in the United States but also in all other countries. We have in the past seen numerous initiatives, but many of them have lacked leadership, commitment or support. As in the ‘physical’ world, problems that affect cyber-security and the security of other telecommunication infrastructures will continue to increase and we need mid-to-long-term commitments and objectives if they are really to make a positive contribution to resolving these problems.
![[Post to Twitter]](http://www.pandainsight.com/en/wp-content/plugins/tweet-this/icons/tt-twitter.png){kind=icon}
Reading 