Cyber SOTU Redux

Wednesday has come and gone, and we have now all had a chance to hear President Obama’s remarks in the 2010 State of the Union Address.  Before the address, I was hopeful that we might hear something – anything – relating to the situation we face in the cyber realm.  With all of the pressing political issues, we heard lots about jobs, lots about healthcare, and lots about the need for reform and new directions.  We heard a lot, in general – this was Obama’s longest address to date.

One thing we didn’t hear about was cyber.

Sure – there were mentions of National Security, including the fact that the National Security budget wouldn’t be frozen as part of President Obama’s debt-reduction plan, but nothing having to do with our online capabilities, critical infrastructure needs, or cyber defense of any shape or sort.  The closest comment to this issue was Obama’s discussion of the fact that there

are simply philosophical differences that will always cause us to part ways. These disagreements, about the role of government in our lives, about our national priorities and our national security, they’ve been taking place for over 200 years.  They’re the very essence of our democracy.

Unfortunately, comments like this do not make me hopeful that the cyber issue will be addressed appropriately (both in time and in scope).  If we have difficulties wrangling solutions concerning things that nearly every American is familiar with (jobs and healthcare), it is hard to be hopeful for quality policy regarding issues that very few truly understand.

As I mentioned before, Cyber Coordinator Howard Schmidt has been given the challenge of leading this charge.  Today, a piece appeared in NextGov, a site about technology and government.  The article seems to be a fluff piece aimed at quelling the issue that some have about Schmidt’s lack of authority and inability to control a budget in order to engender change.  Does it quell these fears?  Hardly.

The piece, “New cybersecurity coordinator says he has Obama’s ear,” comes out of the National Journal‘s CongressDaily.  The bulk of the short article is spent attempting to give the impression that Schmidt has enough authority to achieve meaningful change:

Schmidt said he doesn’t believe he has to have control over a budget to make change.  “If the president, the national security adviser, the national economic adviser says, ‘Hey, we need these things,’ things will happen,” he said.

I would read this as Schmidt needs to convince the President, the National Security Adviser, and the National Economic Adviser that something is needed before he can move forward on a large scale project.  For the smaller stuff, Schmidt says that he will be working with

Vivek Kundra, the federal chief information officer who works in OMB and will have input into budgetary decisions.

Unfortunately, this budgetary-based approach to security will render only those solutions which are least expensive, not those that are most effective.  Especially without a budget of his own to control, Schmidt faces the monumental task of convincing others that the projects are worth funding with their own money – money that now cannot be spent on projects of their own.

While cybersecurity is certainly an issue that affects us all, when the basis for decisions is dollars, you’re going to get whatever is cheapest.  And that’s generally not good in any arena, much less with technology.

One positive element of the article and Schmidt’s comments is his idea that we must

stop looking to end-users to be the “policemen of the desktops.”

I couldn’t agree more.  We currently force those with the least security knowledge to navigate the bulk of the security problems.  This is an untenable situation, and likely one of the main reasons that we are so vulnerable to cyber attacks.  While Schmidt and I agree on what must be done, it seems that we differ substantially on how.  Schmidt will look to the private sector

to ensure security is a key part of products and that vulnerabilities are fixed.

I would offer that this market-driven solution will yield results approximately as effective as Schmidt’s OMB/National Security Council/National Economic Council budget meetings do – not very.

Instead, we need to invest in some very serious policy changes in which security responsibilities are directly addressed.  We must determine, as a democracy and as a society, how we wish to divvy up cyber control between industry, military, intelligence, and the general public.  Schmidt notes that

several cybersecurity bills have been introduced. But he did not say whether he supported any particular measures.

In the future, we can only hope that Schmidt would seize on leadership opportunities like this – a chance to publicly support some of the pending legislation, or to suggest changes that would make us all more secure.

In the words of President Obama,

Let’s reject the false choice between protecting our people and upholding our values.  Let’s leave behind the fear and division, and do what it takes to defend our nation and forge a more hopeful future — for America and for the world.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s