5 Predictions for Obama's Cyber Policy
Not knowing what she'll report, I suspect that most, but not necessarily all, of her recommendations will be accepted by the president. Here are my predictions on how facets of government cybersecurity policy will be adopted by Obama.
- Cybersecurity policy will be run out of the White House, and not the National Security Agency, which has the technical smarts to build a cyber-threat deterrence. The NSA's too-secretive culture doesn't bode well for an administration touting transparency. Plus, as some point out, the NSA has been involved in too many nasty intelligence incidents over the years to provide the trust needed to sponsor a government-wide program.
- An independent White House Office of Cybersecurity will not be established, but instead will become part of the National Security Council, which the president chairs. Cybersecurity is vital, and the cybersecurity advisor will have the president's ear, though possibly filtered at times through the national security advisor. But the administration already is consolidating such activities; for instance, the Homeland Security Council is being absorbed into the NSC.
- The administration will back legislation to increase its authority over privately-owned information systems and networks the president deems as part of the national critical IT infrastructure. The president will direct the establishment of standard certification metrics for processes, systems and personnel. Such legislation will authorize the government to seize control of these critical IT assets should a true threat of a massive cyber attack surface.
- The president will propose legislation to remove existing legal distinctions between the technical standards for national-security systems and civilian-agency systems and adopt a risk-based approach to federal computer security. Simply, systems that contain critical and sensitive information should be treated the same.
- The White House will propose funding to create training programs and career paths for the federal IT workforce, as well as develop a national education program for cybersecurity.
The NSA's too-secretive culture doesn't bode well for an administration touting transparency.