The cybersecurity efforts will help protect against attacks on U.S. information and communications infrastructure, a threat that President Obama has listed as one of the country’s most serious economic and national security threats.
“Our pursuit of cybersecurity will not — I repeat, will not — include monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans,” the president said. “Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be — open and free.”
Listen to the full announcement
For U.S. citizens and companies, thefts of personal identity, money, intellectual property and corporate secrets can be caused by gaps in security. Other security threats include the theft of sensitive U.S. military information and disruption of the electrical grid.
Shortly after his Inauguration, President Obama ordered a review of the U.S. government’s cybersecurity efforts that would help guide a new coordinated strategy to help protect against such attacks. He appointed Melissa Hathaway, who also worked on cybersecurity issues for the Bush administration, as acting cyberspace director for the National Security and Homeland Security councils to oversee the review.
On Friday, the White House unveiled the five main points of the report: Leadership from the top, building capacity for a digital nation, sharing responsibility for cybersecurity, creating effective information sharing and incident response and encouraging innovation.
It also called for increased education, expanding the federal information technology workforce and improving partnerships between federal government, and the private sector and U.S. allies.
As part of the announcement, President Obama said he would create a cyber security coordinator that will be part of the National Security Council and the National Economic Council. He did not appoint anyone for the position.
“Because of the critical importance of this work, I will personally select this official. I’ll depend on this official in all matters relating to cybersecurity, and this official will have my full support and regular access to me as we confront these challenges,” Mr. Obama said.
His announcement left unclear who would lead the administration’s efforts or who how senior of a position the new advisor would hold.
Businesses have pushed the president to appoint someone who will engage the private sector.
“We’re looking for someone who actually has the ability to develop and set cyberpolicy between agencies — someone who will have the appropriate staffing and resources in order to do his job. If they are becoming the cyberczar on cybersecurity, they need to have some level of authority,” said Tiffany Jones, the director of government relations for Symantec Corp.
The debate over which department should handle cybersecurity has continued carried over from President George W. Bush’s terms in the White House. In 2002, he created the Department of Homeland Security. One of the new department’s goals would be “to gather and focus all our efforts to face the challenge of cyberterrorism,”
But others have questioned if the responsibility should rest in one agency and if so, which agency would have control.
In March, the Director of Homeland Security’s National Cybersecurity Center Rod Beckstrom, resigned because the National Security Agency was controlling cybersecurity efforts. While some proposed that the NSA should be the body in charge, Beckstrom said that could hurt “our democratic processes…if all top level government network security and monitoring are handled by any one organization,” according to CNET News.
James Lewis of the Center for Strategic and International Studies told National Public Radio about the dangers the U.S. faces:
“They’re not mom-and-pop operations; they’re not little kids,” Lewis said. “These are the spies of the 21st century, and they’ve been very successful. It’s going to be hard for any company or any single city or police department or homeland security agency to deal with these very sophisticated opponents. It’s going to take a national effort.”
The CSIS presented a report in December 2008 on cybersecurity that determined that “cybersecurity is now a major national security problem.” It recommended creating a national security strategy to cover both national and international threats.
The Pentagon also plans to create a military cybercommand that would conduct offensive and defensive computer warfare, the New York Times reported on Friday.
“We are not comfortable discussing the question of offensive cyberoperations, but we consider cyberspace a war-fighting domain,” said Bryan Whitman, a Pentagon spokesman as reported by the New York Times. “We need to be able to operate within that domain just like on any battlefield, which includes protecting our freedom of movement and preserving our capability to perform in that environment.”
In his announcement, President Obama said that at one point during his presidential campaign, hackers penetrated the computer system and gained access to e-mails and a range of campaign files.
He underscored how much the U.S. depends on computer networks for transportation and infrastructure as well as the country’s defense systems, saying that attacks can come from “a few keystrokes on a computer” and that the country’s economic prosperity depends on cybersecurity.
“Every day we see waves of cyber thieves trolling for sensitive information — the disgruntled employee on the inside, the lone hacker a thousand miles away, organized crime, the industrial spy and, increasingly, foreign intelligence services.”
President Obama said he remained committed to network neutrality and the new efforts “will not include monitoring private sector networks or internet traffic.”