UPDATE 6/4 – USACM issued this press release outlining its comments on the cybersecurity review. USACM Chair Eugene Spafford noted that while “the President hit many of the right notes in his remarks” the report missed “any emphasis on funding, tools or support for better law enforcement” as well as any discussion of research.
ORIGINAL POST – 5/29
Today the Obama Administration released its cybersecurity review, a 60 day review of federal cybersecurity activity headed by Melissa Hathaway and completed in late April. The report is available online, along with the remarks made this morning by the President. Additional material on the review can be found at http://www.whitehouse.gov/CyberReview/.
Reviewing the report, it seems clear that this is the first step in what may be a years-long process in shifting current federal cybersecurity efforts. The document is a roadmap more than a list of specific policy recommendations. The White House will be taking a more active role in this policy area, with a cybersecurity official based in the White House interacting with the national security and economic advisory groups that work with the President. Previously cybersecurity efforts at the federal level have been organized to emphasize national security and homeland security impacts, leaving economic concerns far behind. With the costs of bad cybersecurity increasing, this shift is a good sign.
Besides the changes in federal organization of cybersecurity, the report goes on to make general recommendations for increasing education and awareness in the public (both individuals and corporations), fostering pubic-private partnerships, and increasing information sharing about cybersecurity vulnerabilities. This last point has been a source of tension, and could be one of the larger challenges moving forward.