IT | Security

Has Obama Failed on Infosecurity?

By: Absolute Team | 1/27/2011

Last night President Barack Obama delivered the State of the Union Address. Given the timing of this "winning the future" address, the National Security Cyberspace Institute (NSCI) has issued a new whitepaper on the progress of cybersecurity under the Barack Obama administration. They have given the 2009-2011 progress a reporting grade of 'D'.

After a 60-day cybersecurity review in 2009, 250 needs, tasks and recommendations were put forth for a more cohesive national cyber security plan. Given that Obama described cyber threats as "one of the most serious economic and national security challenges" in the US, NSCI decided to assess how the administration had fared with the 10 items named in the 60-Day Review 'Near-Term Action Plan' set out 2 years ago:

  1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities.
  2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
  3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics
  4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
  5. Conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
  6. Initiate a national awareness and education campaign to promote cybersecurity.
  7. Develop an international cybersecurity policy framework and strengthen our international partnerships.
  8. Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships.
  9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure.
  10. Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation.

Though credit was given for efforts made to enhance cybersecurity in several areas, both private and federal, there are many of these plans which received poor grades. Some areas received grades of 'D', for "Item still in work; or item's implementation was delayed to the point that it suggests a lack of leadership or decisiveness in assigning priorities, or compounding delay in other areas." The analysis of each plan is done in full in the report (a great read), though the overall administration was given a 'D' for the large delay in naming Howard Schmidt as the White House cybersecurity co-ordinator.

Is the administration moving too slowly with cybersecurity issues? Do you find it troubling that so many issues were raised with near-term plans, not to mention the mid-term plans set out in the review? What could be done to improve the speed at which these plans are set forth?