Reactions to the White House cybersecurity review
“Cybersecurity must be a national priority, and today the Obama administration made that clear,” said Dave DeWalt, McAfee president and chief executive officer, who attended the release event at the White House. “Government and private sector, including McAfee, actively collaborated on this initiative. We look forward to continued participation in an even stronger partnership with the government to ensure that our institutions and citizens are able to fully participate in a secure and networked world.”
“With the administration’s just published 60-day cyber security review, and imminent announcement of a “cyber security coordinator’, CompTIA today wholeheartedly applauds President Obama’s renewed focus on cyber security. The report’s recommendations provide a holistic and flexible framework toward tackling the many complex issues that comprise cyber security.
“For CompTIA members – which span the continuum from the very largest OEMs, to smaller IT companies, to IT training establishments – to our own cyber security certification programs, the report’s recognition of the need for proper cyber security awareness, “digital literacy’ and education reaffirms what we have long known, studied and advocated for. That is, the “human element’ of continuous cyber security training plays an integral role in making sure our networks remain safe from cyber attack and malfeasance. After all, technology did not cause the problem. Rather, it is bad behavior from bad actors, aided only by technology, which has. Skilling, training and certifying the good actors – virtually all Americans who touch the Internet – is key in this battle.
“We pledge our active partnership and collaboration with the President and the IT industry on this important matter. As the President’s recommendations move forward, we will work to ensure the administration, Congress and policymakers put cyber security training and certification in its rightful place, helping Americans meet and confront the evolving challenges of cyber security.”
Cyber Secure Institute
Today, Rob Housman, the Executive Director of the Cyber Secure Institute, made the following comments concerning President Obama’s announcements on cybersecurity.
Housman said, “The President today demonstrated an unprecedented level of commitment to the nation’s cyber security. Most importantly, the President stressed that the status quo, the unending hack and patch, is no longer acceptable. That single understanding, that single statement, is vital to achieving real cybersecurity. The Institute strongly supports the President’s view that a new approach is necessary.”
Housman went on to say, “As the President himself noted, so much of his agenda for the nation’s progress—from e-Health to a smart energy grid—is premised on advanced information technologies. Effective cybersecurity is critical to the President’s ability to make progress in all these areas. However, too many of our systems today are inherently insecure—we simply cannot rely on them if we are to make these leaps ahead. We must require that critical cybersecurity systems need to be highly resilient and fully secure. While the President stressed that the government won’t dictate security requirements to industry, at the end of the day, the government will need to use a variety of tools—from incentives to requirements—to drive change or else the status quo will remain.”
Housman, who served as Assistant Director for Strategic Planning in the White House Drug Czar’s Office under President Clinton, also noted, “Having served in a White House Czar Office, it is my view that the cross-cutting nature of cyber security requires a White House czar to coordinate efforts across the government and with the private sector. As the President emphasized, to date no one is in charge, and that all but guarantees inadequacy of response. The President has taken a major step to change that.”
He went on to say, “However, the key will be just how “in charge’ this new czar will be. Will the Cyber Czar have direct access? Will the Czar have a high enough profile to command the bully pulpit? Will the Czar have unfettered access to the bully pulpit? Will the office have adequate staff and budget? Beyond developing a strategy what sorts of real powers and authorities will he or she have? Or will the Czar be limited to the power of persuasion? One reason the Drug Czar office had an impact was it had broad budget review power over the federal agencies. Will the Cyber Czar have that sort of power?”
Comments today from Philip Lieberman, President, Lieberman Software Corporation: “I am most pleased by the inclusion of the concept of “standard of care” on pg. 28 of the report. There needs to a be a bright line of reasonable care for enterprises as well as incentives to implement strengthened cyber security. The statement needs to go further and provide a legal safe harbor for organizations that implement security and also waiver of liability for those organizations that share breach information. Government must clamp down on credit card issuers transfer of liability to processors and merchants for breaches caused by complex / high level attacks that cannot be anticipated or fully guarded against.”
“I don’t agree with the suggestion that FISMA standards should be enforced without any budget given to agencies to implement standards. There is too much deference to personal privacy and civil liberties to the extent that commercial and public interest are thrown onto the trash pile of excessive and unmoving and growing bureaucracy.”
The Internet Innovation Alliance
“We commend President Obama for recognizing cybersecurity as an essential foundation for broadband Internet to realize its full economic, cultural and social potential. A safe, secure Internet with the public’s trust is critical to enabling the innovations that can improve our lives and to spurring broadband adoption among citizens.
“More than 75 percent of Americans feel that the Internet is too dangerous and believe naïve users can easily be taken advantage of, according to a survey of more than 1,000 Americans conducted by TRUSTe. Making consumers comfortable with capabilities that require safe and secure connections such as online banking and medical record storage-and-retrieval, as well as popular services like photo sharing and online gaming, is key to achieving universal availability and adoption of high speed Internet.
“Serious cyber-crime threats against consumers like phishing, hacking and identity theft persist, while national security challenges to government systems and critical infrastructure threaten our country every day. Overcoming these challenges to encourage widespread broadband Internet adoption requires a concerted effort with the government and private sector working closely together. The cybersecurity report and proposed action plan represent an essential first step toward a most critical goal.”