Highlights
– Commission recommends a new White House office be created to address the nation’s cyber-security threats
– Report says the Department of Homeland Security does not have capacity to address the large-scale challenges of cyber-security
– President-Elect Barack Obama pledges to appoint a National Cyber Advisor
The Commission on Cyber Security for the 44th Presidency issued its final report on December 8, 2008, and among its many recommendations, the commission stated that President-Elect Barack Obama should create a new office in the White House – the National Office for Cyberspace. The commission, which is an independent, non partisan group of executives, high-ranking military officers and intelligence officials, leading computer security specialist and two members of Congress, has been exploring ways in which the next United States (US) President should address the nation’s cyber-security threats. In order to produce the report, commission members say they spent countless hours reviewing tens of thousands of pages of undisclosed documentation, visited forensics labs and the National Security Agency, and were briefed by top officials from the Pentagon, Central Intelligence Agency (CIA), and the British spy agency MI5. Upon completing the document reviews, interviews, and meetings, the commission concluded that the threat of cyber-attacks is too vast for any one agency to address single-handedly and must be addressed by a new White House office as well as pursuant to revised laws and government practices.
Currently the US Department of Homeland Security (DHS) is charged with combating cyber-terrorism, which the report states, “is not the agency to lead in a conflict with foreign intelligence agencies or militaries, or even well organized international cyber criminals.” The National Center for Cybersecurity is a division within the DHS’s Directorate of National Protection and Programs charged with addressing cyber-security threats, and according to a Government Accountability Office (GAO) report in September 2008, the agency is still not adequately prepared to address these threats.
With so many of the nation’s businesses and governmental entities dependent on information technology (IT) systems, the need to take significant and timely measures to secure the nation’s public and private IT infrastructures is a matter of national security and is vital to maintain the US’s economic and technological advantage in the world. In reference to the large-scale battles being fought in cyberspace between IT security experts and law enforcement against hackers and other cyber-criminals, one of the commission’s members stated, “we’re playing a giant game of chess now and we’re losing badly.”
Cyber-security is an issue that affects each governmental agency, private company, and individual and each one of these entities will need to develop and implement the policies and technologies needed to secure their organization. Direction and oversight from a new governmental office is needed to complete this monumental task and that is precisely what the commission is recommending. Depending on the level of importance placed upon the creation of the new office, President Obama may or may not move quickly to create it, if at all. If President Obama follows the committee’s recommendation to create the National Office for Cybersecurity, we expect it will take a year or more for tangible results to become evident.
Commission Details New Cyberspace Office Layout and Responsibilities
According to the commission’s final report, the proposed new National Office for Cyberspace should take a “federated approach”, modeling itself after the Office of the Director of National Intelligence. The office would merge the DHS National Center for Cybersecurity and the Joint Inter-Agency Task Force (created by the Director of National Intelligence) and would be staffed by 10 to 20 employees. The newly created Network Operations Center’s (NOC) responsibilities would include issuing security standards for cyber infrastructure to other agencies and would monitor their compliance.
Over the past year, the commission’s recommendations have been making their way to President-Elect Barack Obama, who stated during a campaign speech in July 2008 that he would “declare our cyber-infrastructure a strategic asset” and he would “bring together government, industry and academia to determine the best ways to guard the infrastructure that supports our power.” He also pledged that, if elected, he would appoint a “national cyber advisor” who would report directly to the President.
In the near term, we believe that incoming President Obama has to make the task of shoring up the nation’s cyber defenses an integral part of his plans to repair the nation’s worsening economic crisis. As businesses and government agencies move more data and services into databases and onto the Internet, the need to ensure that these IT systems and networks are secure will be vital to a national economic recovery initiative. If customer financial data is stolen or a piece of the nation’s critical infrastructure suffers a widespread attack from hackers, the effects could be catastrophic to the nation’s already dire economic situation.