Cybersecurity: One Step Forward
Whether or not President Obama is taking too long to name a White House cybersecurity adviser, the federal government this past week moved aggressively forward toward securing federal IT systems and the nation's critical IT infrastructure with the release of the intelligence community's National Intelligence Strategy.
For the first time, the National Intelligence Strategy includes enhanced cybersecurity as a primary mission objective of the nation's 16 intelligence agencies. In some respects, this commitment could prove more important than the appointment of a so-called cybersecurity czar (a title the White House contends does not exist). Unlike the White House IT security adviser - characterized by the president as a cybersecurity coordinator - members of our spy agencies are on the frontline in the battle against domestic and international criminals, cyber terrorists and foreign governments (or their backers) who want to hack their way into our IT systems to threaten our security and weaken our economy.
The National Intelligence Strategy, says Director of National Intelligence Dennis Blair, "reflects a more refined understanding of the threats we face and how we'll combat them." (See: Q&A: Blair Speaks Out on Cybersecurity.)
Except for rare examples, such as the past year's financial bailout, government moves slowly in addressing matters of substance. It's a fact of life. Congress this year has been addressing legislation to strengthen cybersecurity, and I have little doubt significant legislation will be adopted to do just that, though the odds are long for that to happen before year's end. And the president will get around soon to tap a cybersecurity coordinator.
Those seeking more rapid change shouldn't be discouraged. We are moving ahead. There's plenty of work to be done. "If agency CIOs, CISOs and others responsible for securing government IT are awaiting the appointment of the cybersecurity coordinator to get their marching orders, they're wasting time," Karen Evans, the onetime de facto federal CIO, wrote in her GovInfoSecurity.com blog. "In reality, what will happen in the White House in the coming weeks will have little or no bearing on what agency security managers must do now to perform their jobs."
And, as Evans acknowledges, those responsible for securing federal IT systems - the chief information officers and chief information security officers and their teams - are working hard with or without presidential or Congressional action. And the actions of Blair and his intelligence community legions demonstrate that cybersecurity is a crucial matter our government is addressing. Just give Obama and Congress a bit more time to catch up. They will.