Monday, December 29, 2008

US: Getting the Ear of the New President

( If you follow the logic of FBI Director Louis Freeh, a cyber attack against America is inevitable and will feel like another September 11. He compares the current lack of coherent strategy and national will to prevent such an attack to the shoulder-shrugging response Americans had when the USS Cole was nearly sunk in the Yemeni port of Aden in 2000. "Neither the country, nor its leadership on both sides of the aisle, were motivated by this," Freeh lamented in a speech to attendees at the SC World Congress in New York in early December.

Freeh's words preceded Congressmen Jim Langevin (D-RI) and Michael T. McCaul (R-TX), who discussed their advice to president-elect Barack Obama on how to address the daily cyber threats and attacks against the nation's government, military and civilian networks. Langevin and McCaul co-chaired the Commission on Cybersecurity for the 44th Presidency, which spent more than 15 months formulating recommendations. The report has two main takeaways: the president should replace the current hodge-podge approach to cyber security with a new National Office for Cybersecurity, which would be part of the Executive Office of the President; and the government should issue strong, mandatory authentication identities for critical cyber infrastructures such as finance.

The first recommendation seems painfully obvious. Several technologists with strong industry credibility have held a variety of cyber "Czar" posts - Richard ClarkAmit YoranGreg Garcia, and the latest, Rod Beckstrom - to little avail. Creating a National Office of CyberSecurity charged with creating a comprehensive national security strategy might actually accomplish that goal.

As for authentication, the committee gave the FFIEC kudos for promoting stronger authentication for online financial services but wants to extend that effort even further. The report envisions a world where the government issues digital credentials that require in-person proofing - similar to a drivers license - which can then be accepted online by merchants and banks with greater certainty. The challenge is twofold: protecting individual privacy while at the same time preventing commercial interests and the government from requiring overly burdensome authentication, which could violate civil liberties.

Another challenge for cybersecurity experts is that many people are vying for the ear of President-elect Obama. Will the issue of cybersecurity prevail? There were four members of the Obama transition team on the committee, notes Jerry Dixon, a former FBI cybersecurity guru who is now director of analysis at cybersecurity consultancy Team Cymru. "It'd be bad form for them to ignore their own writing, wouldn't it?"

No comments: