Obama IT Security Plan Praised

Delay in Naming Cybersecurity Chief Disappoints Some

By , June 1, 2009.
Obama IT Security Plan Praised

T

See Also: The Enterprise at Risk: The 2015 State of Mobility Security

he initial reviews of President Obama's cybersecurity plan presented Friday, though not universal, have been favorable. Many praised the president for elevating cybersecurity as a national concern, but some expressed concerns that more details of his new IT security policy weren't revealed.

"The fact that the president, in the first time in my memory, made a major speech about cybersecurity, talked about it as a national priority, spoke about it as being a major priority for his administration ... and that he created office which would have cross organizational responsibility is significant," said Dan Chenok, chairman of the government's Information Security and Privacy Advisory Board.

Karen Evans, who until January served for more than five years as administrator for e-government and IT in the White House Office of Management and Budget, the nation's de facto chief information office, praised Obama for raising the importance of cybersecurity in the federal government. "I am excited about the recognition of the issue and the release of the study," she said.

Evans, among others, expressed disappointment that Obama had delayed selecting the official who will coordinate cybersecurity policy from the White House. "A lot of people are looking for a name," said Scott Charbo, former CIO and deputy undersecretary for the National Protection and Programs Directorate at Department of Homeland Security.

Still, the fact that cybersecurity will be coordinated by a White House official - regardless of who the president names - is seen as crucial. "What gets my attention is that perhaps a single 'czar' may finally suppress the inter-agency responsibility struggles and may finally settle the lax accountability that some organizations have shown," said Ray Bjorklund, senior vice president and chief knowledge officer of FedSources, a firm that advises vendors doing IT business with the government. "In many ways, the agencies will welcome centralized leadership over this matter, instead of relying on DHS for one thing, NIST for another, NSA for something else, and so on."

But one former senior Homeland Security officials suggested the White House may have too many chefs stirring the pot trying to create the right recipe to secure government IT. Greg Garcia, an assistant secretary for cybersecurity and communications at the Department of Homeland Security in the Bush administration, noted that the Executive Office of the President will have a cybersecurity coordinator - who will report to the National Security Council and National Economic Council - as well as a chief information officer and chief technology officer. Such an environment, he said, "will add unnecessary confusion in the management structure and its engagement with the federal agencies."

Garcia, an independent consultant, characterized the Obama plan, not as something new, but as an evolution of the Bush administration's cybersecurity programs, including last year's multi-agency Comprehensive National Cybersecurity Initiative. "A czar will only be effective if they clearly define agency roles and responsibilities and hold them accountable without micromanaging the effort and slowing down the operational execution for which the agencies have responsibility," Garcia said. "We've already lost time with a 60-day review that turned into 110 days." The last comment referred to the so-called 60-day review headed by White House security advisor Melissa Hathaway of the government's cybersecurity policies and procedures that began in February.

Garcia's former Homeland Security colleague Charbo, an Accenture vice president for cybersecurity and telecommunications, wasn't critical of the plan, and felt the president hit the right points, but wanted to hear more about how the administration will measure whether the new policy works. "You need to determine some metrics and clear outcomes to determine whether we're getting safer in cyberspace," Charbo said.

Indeed, the president's plan mapped out a cybersecurity strategy at the 50,000-foot level, leaving many details to be developed in the coming months. That could make the federal IT workforce responsible for securing government IT - the CIOs, chief information security officers and others in the trenches - a bit antsy. "Their anxious to see these things happening," Charbo said. "A lot of them are probably fairly concerned about what does this mean to them; how is this going to change what they do."

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Malaysia Airlines Website Hacked

The Malaysia Airlines website was the victim of an apparent DNS settings attack on Jan. 26, for...

Latest Tweets and Mentions

ARTICLE Malaysia Airlines Website Hacked

The Malaysia Airlines website was the victim of an apparent DNS settings attack on Jan. 26, for...

The ISMG Network