Obama’s announcement and an accompanying cybersecurity report largely contained ideas long called for by various cybersecurity experts, but the largest benefit of Friday’s announcement was that Obama lent his name to the fight against cybercrime, said Larry Clinton, president of the Internet Security Alliance, a trade group focused on cybersecurity.
“A lot of the things that were discussed this morning have been said before, but it is a very big deal when the president says them,” Clinton said. “The fact that this is elevated to the presidential level … that is a big deal.”
Obama announced that he will appoint a national cybersecurity coordinator, who will report directly to the president, and the U.S. government will collaborate with private groups to create a comprehensive national cybersecurity policy. The White House will also designate cybersecurity as a key management initiative and develop metrics for measuring improvements, Obama said.
The U.S. government will create a national cybersecurity education program, and it will invest in cybersecurity research and development, the president announced.
Cybersecurity experts and some lawmakers have long called for the U.S. government to focus more on cybersecurity, and Obama’s announcement Friday gives the issue a much-needed boost, Clinton and other cybersecurity experts said.
Clinton and Bob Dix, vice president of government affairs at Juniper Networks, also praised Obama for saying that the new cybersecurity coordinator will be a member of both the U.S. National Security Agency and the National Economic Council. “That’s important because it means the president understands the need not just to look at the cybersecurity issue as a discreet, boutique technology issue — which is the way a lot of people have treated it — but rather as a fundamental element that affects all of our economy,” Clinton said.
The major concern about the announcement was that it lacked detail. Obama didn’t name a cybersecurity adviser, and the administration’s cybersecurity strategy has yet to be developed.
“I think we’re headed in a new direction,” said Phil Dunkelberger, CEO of PGP, a vendor of cybersecurity products. “I think time is going to tell if it’s the right direction.”
The details of the plan will determine whether it’s successful, Dunkelberger said.
Still, Dunkelberger said he was “pleasantly surprised” with Obama’s speech. Former President George Bush also had a goal of improving cybersecurity, but Obama said cybersecurity is a personal goal, he said.
Obama has made cybersecurity a top priority, and he stressed that organizations and the U.S. government need accountability and responsibility for cybersecurity, Dunkelberger said. “For the first time I’ve seen accountability has been mentioned as a part of this,” he said.
Dix agreed that more details are needed, but called Obama’s announcement a “very positive step.”
“This isn’t the end of it, this is the beginning of it,” he said.
Dix and Clinton praised Obama’s focus on government collaborating with private groups, instead of dictating mandates. Legislation introduced in the U.S. Senate in April would create new mandates for private industry, but Obama focused more on how government and private groups could work together, Dix said.
Some cybersecurity experts have recently called for broad new regulations, but that wasn’t part of Obama’s approach Friday, Clinton added. “He made it very clear that the government will not be dictating technology standards for the private sector,” Clinton said. “There have been some high-profile reports … that say this is what the government needs to do. President Obama went exactly in the opposite direction.”
The Center for Democracy and Technology (CDT), an online privacy and civil liberties group, also praised Obama’s announcement. While the U.S. government needs to better protect computer networks, that doesn’t mean it will track users online or intercept communications, Obama said. The office of the cybersecurity coordinator will also include a chief privacy officer, he said.
CDT is also happy that the White House, and not the secretive National Security Agency, will lead cybersecurity efforts, the group said.
“It’s clear that the White House review team was committed to building privacy into these cybersecurity policy recommendations from the beginning of the process,” CDT President and CEO Leslie Harris, said in a statement. “Further, we are greatly encouraged by the Administration’s strong commitment to develop its cybersecurity privacy policies in a collaborative manner with those in the private sector.”
Other statements in reaction to the White House report:
— Shannon Kellogg, director of information security policy at EMC and a member of the National Cyber Security Alliance Board of Directors: “Public-private partnerships are critical to the success of a comprehensive cybersecurity public service campaign. A true collaboration among government agencies, nonprofits and private companies will enable us to empower our citizens to protect themselves and, in turn, make our country’s overall cyber defenses stronger.”
— John Stewart, Cisco Systems vice president and chief security officer: “The administration’s report is a culmination of the most focused and thorough discussion about the security of the nation’s online infrastructure. I’m glad that so many experienced and knowledgeable contributors from the public and private sectors have given voice and are being heard. It’s imperative that the public and private sector continue to collaborate.”
— Ed Black, president and CEO of Computer & Communications Industry Association: “President Obama announced he plans to appoint both a cybersecurity czar and someone who understands privacy and civil liberties to the National Security Council cyber security team. This shows the Obama Administration understands the critical balance needed to keep the Internet open and safe and to maintain the freedom and trust of those using it. We know the pressures to deviate from this balance will be strong, and we hope he can stay on course.”
— U.S. Representative Peter King, of New York, senior Republican on the House Committee on Homeland Security: “I view the president’s action today on cybersecurity as a very positive step. As we go forward, we have to make sure that all of the federal departments and agencies are properly coordinated in their cybersecurity efforts.”
— Ann Beauchesne, the U.S. Chamber of Commerce’s vice president of national security and emergency preparedness: “Cyber threats are real, growing, and causing significant challenges for businesses. President Obama promised to make cybersecurity a top priority during the campaign. The Chamber welcomes the administration’s efforts to turn a campaign promise into action.”