[Infowarrior] - Panel employs full-court press for cybersecurity

Tue Feb 10 23:12:40 UTC 2009

Panel employs full-court press for cybersecurity
	• By William Jackson
	• Feb 09, 2009
	• http://gcn.com/articles/2009/02/09/cyber-commission-full-court-press.aspx

An expert commission plans to continue its effort to see  
recommendations for cybersecurity implemented governmentwide

Members of the panel that offered the Obama administration a blueprint  
for improving the nation's cybersecurity say they want to have a voice  
in shaping the government's information technology policy.

In its December 2008 report, the Commission on Cyber Security for the  
44th Presidency concluded that the nation's cyber infrastructure is  
too fragile and too critical to be trusted to individual agencies, and  
protecting that infrastructure requires a comprehensive strategy  
directed by the White House.

In a recent statement, the Center for Strategic and International  
Studies (CSIS), which established the commission, said, "The new  
administration has cybersecurity high on its agenda, and it is making  
a serious effort to take what has already been done and improve our  
national cyber posture. But there is much to be done. Building  
cybersecurity will be a long-term effort."

Some panel members want to continue the dialog with government  
officials through an ongoing series of meetings. Denise Zheng, program  
coordinator and research assistant for technology and public policy at  
CSIS, said that although the program's details are still being  
discussed, the members envision continuing the public format in which  
the commission developed its report.

CSIS established the commission in 2007 in response to the growing  
challenges to government information systems. Its goal was to produce  
concrete recommendations that the new administration could implement  
quickly. The commission's co-chairmen were Rep. Jim Langevin (D-R.I.),  
then chairman of the House Homeland Security Committee's Emerging  
Threats, Cybersecurity, and Science and Technology Subcommittee; Rep.  
Michael McCaul (R-Texas), the subcommittee's former ranking member;  
retired Air Force Lt. Gen. Harry Raduege, chairman of the Deloitte  
Center for Network Innovation at Deloitte and Touche; and Scott  
Charney, corporate vice president of Microsoft's Trustworthy Computing  
Group. The commission also included 50 other members from government,  
industry and academia. James Lewis, director of technology and public  
policy at CSIS, served as project director.

The commission held 19 briefings to gather data in the past year. Its  
primary findings were that cybersecurity is a major national security  
issue, but that in addressing it, the government must respect privacy  
and civil liberties concerns.

"Only a comprehensive national security strategy that embraces both  
the domestic and international aspects of cybersecurity will improve  
the situation," the commission members wrote in their report.

They recommended that the Homeland Security Department and the Office  
of Management and Budget, which took the lead on cybersecurity during  
the Bush administration, maintain their operational responsibilities.  
Meanwhile, a new National Office for Cyberspace and a new  
cybersecurity directorate at the National Security Council would take  
the overall lead on cybersecurity. The commission also recommended  
that the government build on President Bush's Comprehensive National  
Cyber Security Initiative.

"While the CNCI is not comprehensive and unnecessary secrecy reduced  
its effect, we believe it is a good place to start," the commissioners  
wrote in their report.

Among the topics panel members hope to discuss with government  
officials:
	• Provisions for cybersecurity in the stimulus package Congress is  
now considering.
	• Executive branch leadership on the issue.
	• Legislation that addresses the security of government systems,  
including reform of the Federal Information Security Management Act.
	• Review of law enforcement and investigative authorities related to  
cybersecurity.
	• A six-month report card on the government's efforts to secure  
cyberspace.
	• Federal IT acquisition policies.
	• International standards and initiatives.
	• Classification of cyber initiatives.
	• Building an enduring security framework and public/private  
partnerships.