Key members of
Congress along with high-tech industry
executives are voicing qualified support for
President Barack Obama’s cybersecurity
initiatives, particularly his decision to
establish a new White House office headed by
a so-called “Cybersecurity Czar.”
The steps by
Obama also have included release of a
“Cyberspace Policy Review” report asserting
that “the architecture of the nation’s
digital infrastructure, based largely upon
the Internet, is not secure or resilient.
Without major advances in the security of
these systems or significant change in how
they are constructed or operated, it is
doubtful that the United States can protect
itself from the growing threat of cybercrime
and state-sponsored intrusions and
operations.”
Cybersecurity
strategies being considered by U.S.
officials range from implementing stronger
firewalls to protect computer systems from
intrusions to threatening tough retaliatory
actions — including possible use of nuclear
weapons — in response to severely crippling
cyberattacks.
On Capitol
Hill, Rep. Bart Gordon, D-Tenn., chairman of
the House Science and Technology Committee,
said in response to the Administration
initiatives: “A more secure cyberspace
equals a more secure nation. The path
forward must focus not only on near-term
solutions to current cyber attacks, but also
on leap-ahead technologies and innovative
research that will fundamentally change the
future state of play. The President has made
cybersecurity a priority and the committee
is looking forward to working with the
Administration on this crucial issue.”
In announcing
the initiatives on 29 May, Obama made a
speech indicating that he himself takes a
strong interest in issues relating to
cybersecurity. He noted that during last
year’s presidential election campaign his
own campaign organization was targeted by
hackers, who gained access to e-mails and a
range of campaign files, from policy
position papers to travel plans. “It was a
powerful reminder: In this Information Age,
one of your greatest strengths — in our
case, our ability to communicate to a wide
range of supporters through the Internet —
could also be one of your greatest
vulnerabilities.”
The President
observed that “our technological advantage
is a key to America’s military dominance.
But our defense and military networks are
under constant attack. Al Qaeda and other
terrorist groups have spoken of their desire
to unleash a cyberattack on our country —
attacks that are harder to detect and harder
to defend against. Indeed, in today’s world,
acts of terror could come not only from a
few extremists in suicide vests but from a
few key strokes on the computer — a weapon
of mass disruption.”
“From now on,
our digital infrastructure — the networks
and computers we depend on every day — will
be treated as they should be: as a strategic
national asset. Protecting this
infrastructure will be a national security
priority,” Obama said. “We will ensure that
these networks are secure, trustworthy and
resilient. We will deter, prevent, detect
and defend against attacks and recover
quickly from any disruptions or damage.”
He added that
“to give these efforts the high-level focus
and attention they deserve … I’m creating a
new office here at the White House that will
be led by the Cybersecurity Coordinator.
Because of the critical importance of this
work, I will personally select this
official. I’ll depend on this official in
all matters relating to cybersecurity, and
this official will have my full support ad
regular access to me as we confront these
challenges.”
Main
responsibilities of the White House
cybersecurity office, Obama said, will
include “orchestrating and integrating all
cybersecurity policies for the government;
working closely with the Office of
Management and Budget to ensure agency
budgets reflect those priorities; and, in
the event of a major cyber incident or
attack, coordinating our response.”
Doug Taggart,
chairman of the IEEE-USA Committee on
Communications Policy, told Today’s Engineer
Online: “I believe the most important point
in the White House report is the emphasis
placed on the issue that our nation’s
cybersecurity challenges transcend the
jurisdictional purview of individual
departments and agencies, while highlighting
the point that no single agency has a broad
enough perspective or authority to match the
full scope of the challenge. I believe that
standing up a White House office is a good
step in helping bridge this gap.”
He observed
that “one caution that will always need to
be kept in view as the Cybersecurity Czar
moves forward is to not get drawn into
‘tunnel vision.’ My point here is that, in
visualizing what is meant by the nation’s
digital information and communications
infrastructure -- known as cyberspace -- a
natural tendency for those in positions of
addressing policy is to get drawn into
thinking this is only involved with the
Internet. Cybersecurity is broader than
protecting the Internet.”
Marc T. Apter,
chairman of the IEEE-USA Critical
Infrastructure Protection Committee (CIPC),
commented about the Obama Administration
cybersecurity initiatives: “The issue is
critical, and there have been insufficient
new approaches used to date. . . . While
this is such a new area for the White House,
many answers are unknowable until the [cybersecurity]
office has operated for a while.”
Apter added:
“We believe in the ‘think globally, act
locally’ approach to initiatives, and IEEE
could be a big help here. Long-term
education of the public can help cyber
‘behavior’ as well as policy, and we should
be involved in that. Who better than IEEE?”
He noted that
“it is essential that electrical and
computer engineers who are competent in
policy development be at the table in these
discussions.” The IEEE, Apter said, already
has numerous initiatives under way to
support reliable, secure and safe cyberspace
— including the Reliability of Global
Undersea Communications Cable Infrastructure
(ROGUCCI) Study.
Subcommittees
of the House Science and Technology
Committee held hearings on 10 June, 16 June
and 25 June to explore various aspects of
cybersecurity, including the newly announced
Obama Administration initiatives.
In an opening
statement for the 16 June hearing, Rep.
David Wu, D-Ore., chairman of the
Subcommittee on Technology and Innovation,
said: “I have long been concerned by the
lack of attention given to cybersecurity by
the federal government. Previously, federal
efforts were output-oriented — focused on
things like the number of programs, funds
spent, or numbers of interagency working
groups — rather than outcome-driven. I am
pleased that the new Administration has made
cybersecurity a top priority and is focusing
on achieving outcomes such as fewer breaches
of federal systems, fewer cases of identity
theft, and the security of smart grid
systems and health IT systems.”
“In order to
achieve those important results, it was
essential to first conduct a review of our
federal cybersecurity structure,” Wu said.
“The Administration’s cyberspace review does
not make any brand new recommendations.
However, it is valuable as a frank
assessment of current federal activities and
a roadmap for what needs to be fixed.”
At the same
hearing, Rep. Adrian Smith, R-Neb., the
subcommittee’s ranking Republican member,
emphasized the need for careful
consideration of various courses of action
to deal with cybersecurity challenges.
“There is broad
agreement on the seriousness and magnitude
of our cybersecurity vulnerabilities, and
the complexity of the technical and policy
challenges that must be addressed to
overcome them,” Smith said. “While we are
still at the earliest stages of identifying
and implementing solutions, I hope both
Congress and the Administration will work to
balance the pressure to act quickly and
aggressively on cybersecurity with the need
for thorough and deliberate consideration of
all possible courses of action.”
Witnesses at
the 16 June hearing included Peter Fonash,
acting director of the National
Cybersecurity Division, National Protection
and Programs Directorate, Department of
Homeland Security, who said with regard to
the “Cyberspace Policy Review” report issued
by the White House: “DHS will have a
significant role in several near-term
actions outlined in the report, including
updating the national strategy,
strengthening international partnerships,
increasing public awareness and preparing a
national response plan for cyber incidents.”
He told the
hearing: “The cyber threat is rapidly
growing and evolving. As the nation becomes
ever more dependent upon cyber networks, we
must address cybersecurity swiftly and
surely. Overcoming new cybersecurity
challenges is a difficult task requiring a
coordinated, focused approach to better
secure the nation’s information technology
and communications infrastructures.
Accordingly, DHS is actively working with
its federal partners to secure the ‘.gov’
domain by implementing a holistic strategy
for securing our civilian networks and
systems.”
Also testifying
was Bob Leheny, acting director of the
Defense Advanced Research Projects Agency (DARPA),
who noted that “we are at the early stages
of what will come out of the 60-day review,
but having senior leadership at the White
House looking hard at cybersecurity across
the federal government will keep it high on
the national agenda and stimulate progress
throughout the field. As this process moves
forward and we get a new director at DARPA,
we will be sure to continue to evaluate our
own plans, programs and budgets for
cybersecurity.”
At the 25 June
hearing, Mark Bregman, chief technology
officer of Symantec Corporation, testified
that “we applaud the President’s personal
commitment to take the action that is so
desperately needed around cybersecurity, and
look forward to working soon with the new
Cybersecurity Coordinator, other agencies
and stakeholders to develop the strategy,
policies and operational plans necessary to
improve cybersecurity.”
Bregman added:
“We hope that the Coordinator will be
elevated within the White House and have the
appropriate policy, decision-making and
budget review authorities necessary to set
the strategic direction for the nation,
empower agencies and the private sector to
do their mission in a coordinated and
balanced way, and take a more prominent role
in international cyber policy.”
In a related
development, Global Security Newswire
reported on 12 May that the top U.S.
commander for strategic combat had repeated
previously enunciated policy that the White
House retains the option to respond with
physical force — potentially even using
nuclear weapons — if a foreign entity
conducts a disabling cyberattack against
American computer networks.
“I think you
don’t take any response options off the
table from an attack on the United States of
America,” GSN quoted Gen. Kevin Chilton, who
heads the U.S. Strategic Command, as telling
reporters on 7 May during a Defense Writers
Group breakfast meeting.
A similar
position had been indicated in the 2004
version of a U.S. Joint Chiefs of Staff
document, “National Military Strategy.” This
report stated that “nuclear capabilities [of
the United States] continue to play an
important role in deterrence by providing
military options to deter a range of
threats, including the use of WMD/E and
large-scale conventional forces.”
The document
explained that “the term WMD/E relates to a
broad range of adversary capabilities that
pose potentially devastating impacts. WMD/E
includes chemical, biological, radiological,
nuclear and enhanced high-explosive weapons
as well as other, more asymmetrical
‘weapons.’ They may rely more on disruptive
impact than destructive kinetic effects. For
example, cyberattacks on U.S. commercial
information systems or attacks against
transportation networks may have a greater
economic or psychological effect than a
relatively small release of a lethal agent.”
E-mail
this page to a friend
