Privacy Working Group

The Obama administration could ask Congress for regulatory changes to create “far-reaching incentives” for prioritizing cybersecurity in the private sector, which controls much of the nation’s critical IT infrastructure, a high-ranking Department of Homeland Security official said Thursday.

Acting Assistant Secretary for Cybersecurity and Communications Michael Brown said a range of proposals are being considered by the White House and the department as their cybersecurity plan unfolds.

The department is moving quickly to streamline its cyber processes, Brown told an Armed Forces Communication & Electronics Association conference. The agency is on track to collocate its U.S. Computer Emergency Readiness Team and other key components of the National Cyber Security Division by November. Officials hope the synergies of sharing a physical space will enhance their operational capabilities. NCSD’s primary base of operations is in Arlington, Va., but it has staff in Pensacola, Fla., and employees detailed to other agencies.

Homeland Security Secretary Napolitano’s selection of under secretary Philip Reitinger to head the National Cybersecurity Center this month, was another step forward, he said. The center’s first director, Rod Beckstrom, resigned abruptly in March. The Silicon Valley entrepreneur was tapped today by the Internet Corporation for Assigned Names and Numbers to become the organization’s president at a meeting in Sydney, Australia.

Read More

Yesterday the House Committee on Science and Technology held a hearing to discuss cybersecurity activities at the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST). To read witness recommendations please find their official testimony linked below.

The witnesses include:

• Gregory C. Wilshusen, Director, Information Security Issues, Government Accountability Office (GAO)
• Mark Bregman, Executive Vice President and CEO, Symantec Corporation
• Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft
• Jim Harper, Director of Information Policy Studies, Cato Institute

On Friday May 29, 2009 President Obama announced that cyberscurity was going top be a priority. According to PCMAG.com:

“[The] cyber threat is one of the most serious economic and national security challenges we face as a nation,” Obama said during a press conference at the White House. “It’s the great irony of our Information Age – the very technologies that empower us to create and to build also empower those who would disrupt and destroy.”

Despite recent progress at the federal level, the U.S. is not adequately prepared to battle current cyber security threats, Obama said. This is largely due to overlapping missions and lack of communication between federal agencies and with the private sector.

The full report can be found here.

The good:The administration recognizes the need for enhanced vigilance to address cybersecurity.

The bad: Just creating another bureaucracy does not guarantee results. The plan has little details. According to Computer World magazine, James Lewis, senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, who both praised and issued a note of caution on the announcement said:

While the goals in the report are worthwhile, it took the Obama administration longer than promised to deliver it, he said. While the report and accompanying Obama speech were “really strong,” the Obama administration will have to develop metrics to measure cybersecurity success and will have to prove it’s doing more than Bush’s administration did, Lewis said.

Lewis and other panelists pointed out that this is the fourth major presidential announcement on cybersecurity in the past dozen years, with former plans meeting limited success.

Also, creating needless layers of bureaucracy will put taxpayers at risk.

The Ugly:If the administration thinks that they can placate people’s concerns regarding cybersecurity with one announcement and some nice platitudes they can do more harm than good.

Cybersecurity and privacy will work together hand in hand. A government that is obsessed with compiling people’s personal information also needs to be obsessed with protecting that information.