May 29, 2009

On Friday, May 29th, 2009, President Barack Obama held a press conference at the White House to announce a report containing the findings of a review conducted by Melissa Hathaway, acting senior director for cyber space for the National Security and Homeland Security Council, assessing the readiness of U.S. government agencies to protect against cyber security attack.
As part of the event, the White House invited Symantec CEO Enrique Salem to attend the press conference. The White House also invited Symantec Chairman John Thompson to appear in a video it produced that emphasized the need for a national effort regarding cyber security. The video was posted on the White House website the day of the event and can be found here.
Among the initiatives generated by the report was the establishment of a national cyber security czar to coordinate national cyber security efforts. The full report can be accessed at http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf.
From Symantec’s vantage point, three factors pertain to the effectiveness of the cyber security czar appointment:
- That the position have the appropriate decision-making and budget authority necessary to set the strategic direction for securing the nation’s critical infrastructure from cyber attack
- That the position empower government agencies and the private sector to carry out their cyber security missions in a coordinated and balanced way
- That the position work to foster an international approach to cyber policy as a means to combat cyber criminal activity on a global basis
At the same time, there are a number of legislative initiatives that can be carried out immediately by Congress to help the cyber security czar hit the ground running, including:
- Passage of a national data breach notification law, providing businesses and enterprises a single set of federal guidelines to follow regarding a data breach incident and subsequent notification process to affected customers/users.
- Reforming the Federal Information Security Management Act. First established in 2002, the Act – which stipulates guidelines for government agencies to follow to ward off cyber attack – sorely needs to be updated, taking into account current cyber threats such as mass denial-of-service attacks and zero-day attacks.
- Passage of the Critical Electric Infrastructure Protection Act, sometimes referred to as the Smart Grid Act. This Act provides guidelines and policies needed to establish a base form of security to protect the nation’s electronic grid from cyber attack. More specifically, the law would protect the nation’s energy grid and the network used for the transportation of electricity and natural gas throughout the country.