
Obama Gets Cybersecurity Bailout Proposal



SecurityProNews
Staff Writer
2008-12-08



Every bank in the world, the Big Three Automakers, and soon the cybersecurity industry. A bipartisan commission beseeches President-Elect Obama to set aside $30 billion for securing cyberspace and tougher regulations after both the government and the market failed to protect critical industry sectors like finance and infrastructure.


What's this? Even Verizon calling for tighter regulation of the Internet? Interesting switch in light of the company's previous objections (during the deregulation orgy heyday of the Bush years) to any government involvement when it comes to Net Neutrality. The phone company was just one member of the Commission on Cybersecurity for the 44th Presidency calling for tougher standards, but this call for better standards in the Washington Post, for those who watch telecoms closely, should leave an interesting taste in the mouth:

"…the U.S. government should use its purchase power to improve the quality and security of software, buying only from information technology vendors that meet standards for secure products. Such requirements could then be enforced by an agency like the Federal Trade Commission."

If Verizon's on board with regulation and standards, this must be serious. How does one disagree with what looks like the new military-industrial complex though? Anybody who's anybody from the CIA, the Navy, Microsoft, Sun, AT&T, ICANN, Lockheed Martin, Cisco, and GE (to name just a few) have all signed off on the plan.

The commission wasn't overly critical of the Bush Administration, but the tone in the executive summary was the equivalent of "good effort." In short, the job of cybersecurity is too big for the Department of Homeland Security alone, and passwords and other conventional security devices are inadequate, especially in light of high-level breaches of national systems, such as ones at the Pentagon.

The plan is a bit Big-Brothery sounding, so brace yourself for terms like "data warrants." It's also a bit demanding in tone to be intended as a list of recommendations to the highest office holder in the land. Much of it reeks of self-serving, help-us-make-money-and-we'll-help-you get tighter control of your country.

In short, the recommendations increase the size of government tremendously, call for very high (and likely very expensive) standards to be met at a federal level for government and civilian organizations, and pave the way for increased power to monitor data on the Internet.

The commission presented a total of 25 recommendations, which are summarized below:

1. President should acknowledge cyberspace as critical infrastructure, and that all US power will be used to protect it.
2. Create a new National Office for Cyberspace (NOC) and comprehensive security strategy involving international engagement and diplomacy, military planning and doctrine, economic policy tools, intelligence and law enforcement.
3. The US should open discussion about the best ways to secure cyberspace, and present issues of deterrence and national strategy to stakeholders.
4. Appoint an assistant for cyberspace and establish a Cybersecurity Directorate in the NSC that absorbs Homeland Security Council functions.
5. Merge existing National Cyber Security Center (NCSC) and the Joint Inter-Agency Cyber Task Force (JIACTF), and place aforementioned cyberspace assistant in charge.
6. The NOC and the new NSC Cybersecurity Directorate would oversee the Federal Information Security Management Act (FISMA), the Trusted Internet Connections (TIC) initiative, the Federal Desktop Core Configuration (FDCC) and acquisition reform, a new federated regulatory approach for critical cyber infrastructures, and a collaborative cybersecurity network across the federal government.
7. Create new public-private advisory groups to support new positions and agencies.
8. DHS remains responsible for US-CERT with oversight by NOC.
9. Create Center for Cybersecurity Operations (CCSO) for public and private sector collaboration.
10. Direct NOC to work with regulatory agencies to develop and issue security standards.
11. Develop regulations for industrial control systems, including standard certification metrics and enforceable standards. Offer economic stimulus packages to encourage compliance.
12. Tell the NOC to decide which parts of government cyber infrastructure are broken and which regulatory agencies are needed to fix them.
13. Develop and implement security guidelines for the procurement of IT products, with software as the first priority.
14. NSA and NIST should reform the National Information Assurance Partnership (NIAP).
15. Mandatory requirement for agencies to contract only with telecommunications carriers that use secure Internet protocols.*
16. Strengthen authentication methods for people working in critical cyber infrastructures like ICT, energy, finance, and government services. These should include "robust in-person proofing and thorough verification of devices."
17. Allow consumers to use strong government-issued credentials (or commercially issued credentials based on them) for online activities, consistent with protecting privacy and civil liberties.
18. FTC should implement regulations preventing businesses and services from requiring said credentials for all online activities by adopting a "risk-based approach to credentialing."
19. Restrict bonuses and awards for employees, contractors, and grantees who have not complied by using credentials.
20. Have the DOJ increase clarity, speed investigations, and better protect property by reexamining statutes pertaining to online crime investigations.
21. Until then, have the attorney general issue guidelines and requirements for law enforcement, military, and intelligence authorities.
22. Work with Congress to rewrite FISMA to include performance-based security measurements.
23. Require civilian security systems to meet national security system standards.
24. Create training programs and career paths for the federal cyber workforce and develop national education programs.
25. Increase investment in cyber security R&D.



About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
