More than two months before he is even scheduled to be sworn in, Barack Obama already has become something of a darling in the technology community. His campaign relied heavily on the youth vote, which he courted through deft use of social networking sites, message boards and email fund-raising efforts. And he has promised to appoint the country’s first CTO once he takes office, a move that has drawn praise from many industry observers who say that it is long overdue.
But the proposal that hasn’t gotten much attention as of yet is Obama’s cybersecurity plan. In his policy statements, Obama puts a lot of emphasis on protecting the country’s public and private networks, putting money into research and development for more secure and reliable software and hardware and getting a handle on the cybercrime problem.
- Strengthen Federal Leadership on Cyber Security: Barack Obama will declare the cyber infrastructure a strategic asset and will establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.
- Initiate a Safe Computing R&D Effort and Harden our Nation’s Cyber Infrastructure: Barack Obama will support an initiative to develop next-generation secure computers and networking for national security applications. He will work with industry and academia to develop and deploy a new generation of secure hardware and software for our nation’s critical cyber infrastructure.
Stop me when this starts to sound familiar. These are all points that were laid out in the National Strategy to Secure Cyber Space, the document that the Bush administration commissioned nearly six years ago. The plan was developed with the input of a long list of security expertsm industry executives and academics and it had a wealth of good ideas in it, almost none of which were ever implemented. The national strategy became a punch line in the industry within days of its release, and within a few months the office in the White House that was dedicated to cybersecurity issues was dissolved, and that function was shipped off to the Department of Homeland Security where it has been ignored ever since. Several people involved in that process told me at the time that they didn’t expect anything to come of the strategy because there was no one person or even department responsible for implementing the plan, and they were exactly right.
Exactly two years after the release of the national strategy, the Presidential Information Technology Advisory Committee submitted a separate report to President Bush outlining the dire state of the nation’s cybersecurity efforts and urging immediate action on a number of fronts: research and development, education and recruitment of security talent to federal agencies. The result? In the words of Eugene Spafford, who was a member of that committee and spoke at our Information Security Decisions conference last week: “We did just enough to get the committee disbanded.” That’s encouraging, no?
So it’s come to this: Our expectations for federal cybersecurity efforts are so low that the mere mention of it by the president-elect has people giddy. There’s no way to know at this point whether Obama will follow through on his promises on this front, and he clearly has a few other issues that are going to take precedence in the first months of his presidency. But the fact of the matter is, all politics aside, even a minimal effort from his administration would be a vast improvement over what we’ve seen in the last eight years. Many of the recommendations made in the national strategy and the PITAC report are still valid right now, and despite the bitter taste many of them have in their mouths, I’d bet many of those involved in those previous efforts would help again, given some assurances that their input would be taken seriously this time.
Let’s hope that Obama keeps his promises and puts some money and resources behind the cybersecurity effort and gets things turned in the right direction. That would be a change we could believe in.