I read yesterday that a private organization had graded the White House on its performance in cybersecurity policy. It seemed to me to be an interesting exercise. (Note: It is not my intention to judge the integrity of the report, as the organization is new to me. If you Google “cyber” “whitehouse” and “grade” you can find the report and read it).
The report points out positive and negative aspects of Obama’s progress on cybersecurity. Though may of the criticisms are apt, I think it’s important to really emphasize the progress that has been made in the last two years. It begs the question – how fast is fast enough when developing cyber policy?
Many points are valid, commenting on the cyber czar’s lack of budgetary authority, or the scramble to pick a lead for inter-agency collaboration. Both fair points. Over the last few years both the Bush and Obama administrations have been walking around with a perverbial “Cinderella’s shoe” trying to figure out what agency should take the lead on cyber issues. For now the shoe has been wedged on DHS. Despite the organizational challenges, that seems to be a good choice for the time being.
There have been other accomplishments as well. For example, Howard Schmidt was appointed as Cybersecurity Coordinator in the White House in 2009. A bill proposed by Representative Langevin (D-RI) proposed in May 2010 (H.R. 5247) would make Schmidt’s position subject to Senate confirmation and would grant budgetary authority. The issues are evolving and moving forward. (Or at least Congress has the ability to move them forward).
Cyber Command’s first incarnations were far from centralized. As recently as 2009, the Air Force emerged as a leading entity, linking the protection of the cyber domain with Air Force Space Command. US Cyber Command (CYBERCOM) was created just over a year later and continues to function smoothly. For a consortium of large bureaucracies, the armed services really rallied together to support the standing-up of CYBERCOM.
Cybersecurity is clearly a priority, and one that Obama continues to emphasize. It concerns protecting our private emails to classified communication, our military’s command and control capacity, our private sector intellectual property, power grids and the security of our economic transactions. Significantly, it is easy to criticize progress on cybersecurity policy just based on the amazing breadth of the vulnerabilities. In the name of promoting bipartisanship (and generally feeling less gloomy) it’s equally important to analyze what did work, as opposed to what didn’t. In a world of increasingly complex threats such as Conficker and Stuxnet, sometimes one just has to look on the bright side of life.
