In the wake of repeated warnings by former top-level government cybersecurity experts that the United States is ill-prepared for a cyberwar, White House Cybersecurity Coordinator Howard Schmidt disclosed Tuesday the Obama administration’s plans to prepare for the cybersecurity needs of the future.
The administration is taking a multifaceted approach to cybersecurity, Schmidt said at the RSA Conference 2010 in San Francisco.
“Security is not a binary thing we do — our cybersecurity policies have to be well aligned, so we’re looking at digital networks to make sure they’re resilient and robust,” he said. “We also need to reach out; we don’t want to do things that hamper innovation.”
Part of reaching out is working with the National Economic Council, Schmidt said. Another part is having the national security staff, which consists of representatives from various government agencies and departments, pull together a holistic picture of how the economy and cybersecurity are intertwined.
A 360-Degree View
Schmidt also spoke about the Cybersecurity Policy Review commissioned by President Obama, which calls for changes in the United States’ approach to cybersecurity.
The U.S. needs to have a handle on the ever-changing state of cybersecurity, he said. It also needs to look at its cybersecurity policies in terms of current requirements and make sure they are updated as needed.
In order to achieve these goals, the national security staff keeps President Obama and his key advisers informed about the comprehensive picture it puts together of cybersecurity and the economy, Schmidt said.
That support at the highest levels is critical.
“One of the key issues of governance is you have to have leadership from the top,” Schmidt said. “Many of us have spent our careers pushing upwards from the bottom, and market prices and other factors have been an impediment in the past. They’re no longer an impediment.”
The Cybersecurity Policy Review also calls for addressing international cooperation in the cybersecurity field, developing an instant response plan for cyberemergencies, and transparency in government.
Our Overseas Friends
One of the worst problems cybersecurity professionals face is that they’re restricted by regional, local and national boundaries, while cybercriminals are not.
Local, state and federal law enforcement agencies in the U.S. don’t cooperate much, and cooperation with international law enforcement is even worse. Meanwhile, cybercriminals operate in gangs that cross national borders, making it difficult to arrest and prosecute them.
In some countries, well-connected cybercriminals are protected by their national governments.
The National Cybersecurity Policy seeks to address these problems.
“We’ll start looking at international cybersecurity policy,” Schmidt said. “We need to make sure our policy and framework are addressing the international field.”
Who’re You Gonna Call?
The Cybersecurity Policy Review also calls for the establishment of an instant response plan.
“There should never be a question as to where the private sector needs to go during an incident,” Schmidt explained. “There should never be a question about whether the private sector needs to coordinate what needs to be done. The Department of Homeland Security is doing a great job of pulling this together.”
An instant response plan is critical. The U.S. is the most vulnerable country in a cyberwar because it’s the most connected, Mitch McConnell, former director of national intelligence, has testified before the Senate.
Both McConnell and current Director of National Intelligence Dennis Blair are among the cybersecurity experts who have testified before Congress about the need for stronger cooperation between the private and public sectors on security.
Peekaboo! I See You!
Private-public sector cooperation alone is not enough; the American people also have to be involved, Schmidt said.
“In order to be successful against today’s cybersecurity threats, we need to seek out new and innovative partnerships — not only between business and government, but also academia,” he explained.
In order for that to happen, government needs greater transparency.
“Transparency and partnerships are concepts that have to go hand in hand,” said Schmidt. “We can’t ask industry to help government, or government to step in, unless we have transparency.”
In line with that policy of transparency, the government on Tuesday declassified part of its Comprehensive National Cybersecurity Initiative (CNCI), publishing details of the US$40 billion cybersecurity plan on the Internet Tuesday, Schmidt announced.
Transparency has been a key requirement of the Obama administration all along, Schmidt said. “The foundation aspects of the government’s cybersecurity policy are transparency and accountability.”