Obama and Cyber Defense (WSJ)

Obama and Cyber Defense

Government should protect our e-infrastructure.

http://online.wsj.com/article/SB124623073971766069.html

In a Monty Python skit from 1970, the Vercotti brothers, wearing Mafia suits and dark glasses, approach a colonel in a British military barracks. "You've got a nice army base here, Colonel," says Luigi Vercotti. "We wouldn't want anything to happen to it." Dino explains, "My brother and I have got a little proposition for you, Colonel," and Luigi elaborates, "We can guarantee you that not a single armored division will get done over for 15 bob a week."

If the idea of the military having to pay protection money to the mob seems silly, imagine what Monty Python could do with last week's White House decision on security. It announced a new "Cyber Command" to protect information infrastructure, but stipulated that the military is allowed to protect only itself, not the civilian Internet or other key communications networks. When President Barack Obama announced the plan, he stressed that it "will not -- I repeat -- will not -- include monitoring private-sector networks or Internet traffic." It's like telling the military if there's another 9/11 to protect the Pentagon but not the World Trade Center.

The announcement shows that our political system is still ambivalent about how to defend communications networks such as the Internet. We expect privacy, but we know that intrusive techniques are required to protect the system from cyber attacks. How to balance privacy with preventing attacks that would undermine the system altogether?

It's an open secret that the National Security Agency (NSA) must operate through civilian networks inside the U.S. in order to prevent millions of cyber attacks every year by foreign governments, terror groups and hackers. Likewise, the NSA must follow leads through computer networks that run through innocent countries. "How do you understand sovereignty in the cyber domain?" asked James Cartwright, vice chairman of the Joint Chiefs of Staff, in a recent speech. "It doesn't tend to pay a lot of attention to geographic borders."

The risks are real. Cyber attacks on Estonia and Georgia by Russia in recent years forced government, banking, media and other Web sites offline. In the U.S., the public Web, air-traffic control systems and telecommunications services have all been attacked. Congressional offices have been told that China has broken into their computers. Both China and Russia were caught having infiltrated the U.S. electric-power grid, leaving behind software code to be used to disrupt the system. The risk of attacks to create massive power outages is so serious that the best option could be unplugging the U.S. power grid from the Internet.

The military is far ahead of civilian agencies such as Homeland Security and is now focused on cyber offense as well as defense. Cyberspace, says Gen. Kevin P. Chilton, commander of the U.S. Strategic Command, is the new "domain," joining the traditional domains of air, land and sea. Each is a focus for both defense and attack. The U.S., a decade behind China, is now officially focused on using cyber warfare offensively as well as defensively.

The U.S. is an inventive nation, so we'll get to the right answer on security if we ask the right questions. What if the only way the military can block a cyber attack is to monitor domestic use of the Web, since foreigners use the Web to launch cyber attacks? What is a "reasonable" search in a virtual world such as a global communication network? What's the proper response to cyber attacks?

If cyber war is a new form of war, wouldn't most Americans adjust their expectations of reasonable privacy to permit the Pentagon to intrude to some degree on their communications, if this is necessary to prevent great harm and if rules protecting anonymity can be established? Finally, wouldn't it be better for politicians to encourage a frank discussion about these issues before a significant attack occurs instead of pretending there are no trade-offs?

Only the NSA, which operates within the Defense Department, has the expertise to protect all U.S. networks. It has somehow found ways to mine needed data despite pre-Web rules that restrict its activities domestically. But the question remains: How can the military get enough access to private, domestic networks to protect them while still ensuring as much privacy as possible? One logical approach is for Homeland Security to delegate domestic defense to the NSA, but for the domestic agency to maintain enough responsibility to have political accountability if privacy rights get violated in the process.

We'll look back on the current era, with the military constrained from defending vital domestic interests, as an artifact of an era when it was easy to point to what was foreign and what was domestic. In the digital world, as the cyber threat shows, physical distinctions such as political borders are unhelpful and can be dangerously confusing.

Hathaway: National cyber incident response plan coming by year end (FCW)

Hathaway: National cyber incident response plan coming by year end

Hathaway also confirms she's in running for White House cybersecurity coordinator

• By William Jackson
• Jun 16, 2009

http://fcw.com/articles/2009/06/16/hathaway-developing-cybersecurity-response-plan.aspx

The Cyberspace Policy Review released by the White House last month was only the beginning of an effort being driven by President Barack Obama to reshape and strengthen the nation's cybersecurity, according to Melissa Hathaway, who headed up the review.

Hathaway, acting senior director for cyberspace for the National and Economic Security Councils, said today her team plans to produce a comprehensive national incident response plan by the end of the year that will guide response to the cyber equivalent of a major natural disaster. The team also will be working to unravel the overlapping and sometimes contradictory laws and regulations identified in the study that get in the way of effective cooperation and responses to cyber threats.

"You can expect a dialog on this issue with the private sector," Hathaway said at the Symantec Government Symposium in Washington. "You will also see us working with Congress because many issues will require a legislative fix."

As a result of the Cyberspace Policy Review, Obama announced last month the creation of a White House office of cyberspace coordinator, who will oversee government cybersecurity policy.

Hathaway on June 12 told Federal Computer Week, that she is a candidate for the White House cybersecurity coordinator position. According to Hathaway, officials hope to select a cybersecurity coordinator in the coming weeks, but no definite date had been set.

"In the coming weeks there will be an announcement of a cyberspace coordinator," Hathaway said. She said the president is personally engaged in the selection, which should be made soon.

The efforts reflect what Hathaway called an '"unprecedented level" of presidential leadership in cybersecurity. It is being established as one of Obama's management priorities, which means performance metrics are being established that will make department heads, not just chief information officers, accountable for their agencies' security posture.

Hathaway illustrated the scope of the cybersecurity issue with a familiar litany of challenges. The Internet and its associated information infrastructure now underpin much of the global economy and are essential to continued economic growth. However, it has expanded in scope and functionality at a pace that has outstripped efforts to secure it.

"It is not secure enough nor is it resilient enough to be move us forward," she said. "We are faced with a dangerous combination of known and unknown vulnerabilities."

The infrastructure is being challenged and attacked not by amateurs, but by professional criminals and spies backed with substantial resources.

There are no coordinated plans for protecting the critical infrastructure or responding to incidents, either by government or the private sector, she said. At the same time, three of the most important initiatives in moving the nation's economy ahead — building out universal broadband networks, a smart energy grid and electronic health records — are all threatened by these vulnerabilities and exploits.

"These are some of the things that keep the president up at night," Hathaway said.

The incident response plan will be vetted by the Homeland Security Department and private industry, and Hathaway said a wiki might be established to allow the private sector to collaborate in its development.

Difficult issues of liability and confidentiality will have to be resolved to enable the kind of pubic/private partnership that everyone agrees is necessary to improve cybersecurity. "We can no longer talk about a public-private partnership, but need to act on it," she said.

Greater international cooperation also is needed, and achieving this will require establishing common standards of behavior in cyberspace. Norms need to be established for defining criminal activity, warfare and terrorism, so that appropriate responses can be agreed upon, she said.

And to achieve all of this, a greater pool of manpower and expertise is required. Educational efforts must be extended past universities into primary and secondary schools to provide an adequate flow to the pipeline.

Summary of Reactions

I continue to be amazed at the sophisticated use of low-cost IO tools and cyber the new administration uses as part of its influence shaping ops.  I would like to see our military adopt similar techniques.  VADM Brown, the Joint Staff J6, talked about this point specifically at the Omaha Cyberspace Symposium in April.  She stated that in this open/connected society, we in the military need to figure out how to leverage existing collaboration and new media outlets to shape the battlefield and to help our own military become more effective.  However, she stated, the dominant Cold War thinking in the DoD is preventing that from happening.

============

THE WHITE HOUSE

Office of the Press Secretary

_______________________________________________________________________________________

For Immediate Release
June 6, 2009


President Obama's Speech to Muslim Communities around the World

Summary of Reactions

June 6,  2009

U.S. Embassies and Consulates and intelligence analysts submitted the following reactions to the President's speech in Cairo. The reactions are garnered from news reports  in local new media and traditional media and from individual conversations. 

Top Line

According to an online poll being conducted by the Broadcasting Board of Governors (BBG), reactions to US President Obama⿿s 4 June speech in Cairo continue to be overwhelmingly positive, according to an ongoing online poll conducted by Maktoob Research. More than 75 percent of respondents in these countries who have taken part in the poll said they viewed the speech favorably. In addition, more than half thought⿿based on the President⿿s speech⿿that US policies toward the Arab world and toward their individual countries would improve. More than 40 percent agreed strongly that the US intends to promote the creation of an independent and viable Palestinian state, for example, while more than 50 percent strongly agreed that the US intends to promote a solution to the Iraq war that would benefit the Arab world.

Summary of Outreach

*Over 100 viewing parties, discussions, or other events were held by embassies and consulates from Bolivia to Uzbekistan.

*Posts (embassies or consulates) "tweeted" along with the speech in 7 countries. These twitter discussions continue with hundreds of people tweeting about their reactions to the speech.

*30+ posts used Facebook to enhance outreach either ahead of the event, to chat during and after the event, or to follow wall posts and status updates. The White House Facebook page has over 236,000 fans who left thousands of comments about the speech. We had over 1200 confirmed "guests" for the online event. About 1,500 people liked our video on Muslim Americans (see it  <http://www.whitehouse.gov/blog/The-President-in-the-Middle-East/translations/> here) with about 235 giving us a "thumbs down".

*An estimated more than 20,000 people received information about the speech or quotes from the speech through SMS text messages.

*On our  <http://www.youtube.com/user/whitehouse> YouTube site, the President⿿s speech has been viewed over 550,000 times. The  <http://www.whitehouse.gov/blog/The-President-in-the-Middle-East/translations/> Muslims in America clip received: Arabic 10k hits, Pashto 4k hits, Punjabi 25k hits, Persian 11k hits, other languages 45k. 7 posts linked posted YouTube videos on their websites or linked to the WH video of the event.

*In Sierra Leone, the Embassy funded viewing events through 11 cinema centers so that 1,000 people would be able to watch the event who would not have otherwise been able to.


*In India, approximately 200 million Indians listened to or watched the speech live.

*Many posts hand delivered copies of the speech to Imams, politicians, and other community leaders.

*5 Ambassadors chatted online with groups watching the event

Interesting Anecdotes:

"Obama spoke clearly about the universal values we share⿦People appreciated the phrases and lines taken from the Holy Quran. Hopefully, this is not lip service only, but will be followed up with concrete action. Unfortunately, as Obama knows, achieving his goals will be difficult, because there are but few saladins in this era who genuinely want to make Palestine a holy land for all human kind, instead of one religion only." -Dalail, head of Muhammadiyah in North Sumatra, Medan, Indonesia (June 4)

The Consul-General in Sydney gathered 40 Muslim community leaders and national media to watch the speech at her residence.  Sydney⿿s Muslim community is normally divided with little mixing across among the Turkish, Lebanese, and Indonesian majority groups, but President Obama⿿s speech brought them together, together with a Jewish leader the CG invited.

"I like that Obama emphasized that every nation has the right to pick its own system of government."-graduate student in China at speech-viewing program (June 4)

Manila: the day of the speech, during her trip Zamboanga in southwestern Mindanao, Ambassador Kenney talked about that evening⿿s speech to a group of 116 sixteen-to-nineteen-year-olds participating in the Cultures Across Mindanao (CAMP) youth camp, which builds understanding and peace advocacy among teenagers of different religions and cultures in Mindanao.

Eritrea: Students at an Embassy viewing were happy with the emphasis on democracy and the equality of all human beings. They were pleased with President Obama⿿s readiness to resolve disputes and differences peacefully and to engage in dialogue as opposed to violence. Some, however, felt that choosing the venue of Cairo was an endorsement of Egyptian⿿s human rights records and government. Some expressed that President Obama should have selected a venue that is in turmoil such as Somalia.

In Mexico, commentators echoed calls for actions to follow the good words of the speech, but even those could be surprisingly positive ⿿ left-wing Mexican La Jornada tempered its reaction in an editorial: "this reconciliation cannot be accomplished through a speech regardless how brilliant it was. But this change of tone makes it possible to imagine [a new era] where Bush⿿s catastrophic heritage is transcended.

In Afghanistan, we hosted events in Kabul, Herat, and Jalalabad featuring online post-speech discussion using Adobe Co.Nx. Another post-speech panel featuring fifty religious leaders and students focused on the responsibility of Afghans to respond to Obama⿿s message with responsible actions.

In Pakistan, three events in Karachi and Lahore produced positive post-speech discussion on major networks and newspapers. Commentary was very positive in recognition of the "new tone from Washington" but underscored the need for actions that match the rhetoric.

More details in key regions/countries

Afghanistan: U.S. missions hosted events in Kabul, Herat, and Jalalabad featuring online post-speech discussion using Adobe Co.Nx. A post-speech panel featuring fifty Afghan religious leaders and student focused on the responsibility of Afghans to respond to Obama⿿s message by outlining what they want for their society and a relationship with the West. The panel discussion was taped by national television carrier RTV and will air this weekend. The speech was carried live by BBC and RTV; Pasthun language Shamshad TV and Arianna-TV (Dari) will air the speech again this weekend.

*BBC Afghan Service carried the speech live with translation. VOA⿿s Radio Deewa and RFE/RL⿿s Radio Azadi both carried the speech audio live with subsequent discussion and call-in shows. Afghan reaction in those broadcasts was positive.

*State-owned RTA (national TV) aired the speech live and had exclusive coverage rights to film the subsequent panel discussion at the Government Media Information Center. It will broadcast the event in its entirety this weekend.

*Pashto language Shamshad TV and Dari language Arianna will both air the speech on Friday, both of which were made possible the timely delivery of translations.

*Advertised President Obama⿿s Speech through both Facebook (500+ fans) and Twitter (300+followers). 

*New media updates and messages to national and international press included advertising and links for IIP⿿s SMS texting service, the CO.NX webchat, and Embassy Kabul⿿s webchat directly after speech. 

*A post-speech webchat with Deputy Ambassador Ricciardone, Assistant Ambassador Mussomeli, and Political Chief Alan Yu answered over 40 questions from over 100 participants including those linked electronically at Lincoln Centers. 

*Kabul⿿s MIST team sent SMS messages to 236 young Afghans who expressed interest in receiving information on feedback sheets from the McCurry exhibit and PD publications; invited audience to send their reactions via text message.

India: In India, home to 150 million Muslims, reaction was swift and effusive. Our missions in New Delhi, Kolkata, and Mumbai hosted viewing events, panel discussions, and conducted post-speech interviews with all the major Indian media. Our Public Affairs Officer in New Delhi hand-delivered a copy of the speech to the Sufi Imam, which became its own media event, featuring laudatory remarks for the President and a group of Qwaali singers praising God and the "righteous leader President Obama." It is estimated that more than 200 million Indians witnessed first-hand the speech or coverage of a discussion or event connected to the speech.

*All Indian TV channels and networks went live with President Obama⿿s speech, including the national broadcaster Doordarshan (viewership: 450 million), Aajtak (viewership: 31 million) NDTV 24X7 (viewership: 16 million), NDTV India (viewership: 26 million), Zee TV (viewership: 20 million), Star TV (viewership: 24 million), Sahara TV (viewership: 11 million), CNN-IBN (20 million) and TIMES NOW (20 million).

Lebanon: Media outlets covered the President⿿s speech extensively, despite intense attention on Sunday⿿s parliamentary election.  Newspapers front-paged the speech with long segments printed in full.  All outlets, excluding, as is to be expected, Hizballah⿿s Al Manar, were impressed with the skillful language and sensitivity to Muslims.  Outlets highlighted the reference to Maronites in Lebanon, interpreting it as indicating Maronites are a minority, a sensitive issue here.  Several commentators and editorialists raised concerns about achieving the aspirations discussed in the speech.

The speech dominated the mass media of the Middle East in a truly unprecedented manner. It was carried live by all major 24 hour Pan-Arab news networks, Israeli networks, Western-operated Persian networks, and even the Iranian-operated 24 hour Arab news network Al-Alam. Not surprisingly, Hizballah-operated Al-Manar TV, HAMAS-operated Al-Aqsa TV, Iranian national television, and Syrian national television failed to carry the speech live. However, Pro-HAMAS Al-Quds TV carried the speech live and translated in full. The full transcript of the speech was printed in dozens of newspapers throughout the region including the top two Pan-Arab newspapers out of London, Al-Hayat and Al-Sharq Al-Awsat.

Pakistan: Three events in Karachi and Lahore produced positive post-speech discussion on major networks and newspapers. Commentary was very positive in recognition of the "new tone from Washington" but underscored the need for actions that match the rhetoric.

*Consulate Lahore hosted twenty editors, religious leaders, political figures, academics, and businesspeople for viewing and discussion. Guests all agreed it was a good, sincere speech, but called for actions that reinforce the message. One 20-year old attendee called it "the most appropriate confidence-building measure America could give the world."

*American Consulate General Karachi hosted a group of 78 for a live presentation of the speech and post-speech discussion at the Consul General⿿s Residence, including students from Karachi University, members of Rotract (youth affiliate of the Rotary Club), religious clerics, journalists and media representatives, exchange alumni and members of the business community, with an emphasis on young people. The audience was encouraged to complete feedback forms and website link set up to share their thoughts and observations on the speech. PAS distributed the IIP publication, "Obama in His Own Words;" many requests for additional books.

*Karachi also organized a viewing and discussion at the Lincoln Corner in Karachi. Fifteen students and volunteers of Jinnah University for Women and the Young Social Reformers attended the program. The speech was well received by the students and their overall impression was positive. IIP publications "Freedom of Faith" (an e-Journal) and "Mosques of America 2009" calendars were distributed to the audience.

Palestinian Territories: Palestinians warmly welcomed President Obama⿿s June 4 Address, applauded his outreach to Muslims and praised his specific comments on the Israeli-Palestinian conflict. Palestinians felt the President used the "right language" and struck a blow at extremists, such as Al Qaeda. Palestinians applauded the President⿿s repeated use of "Palestine" and his recognition of Palestinian suffering since 1948, but want more specifics on the steps he will take to realize a Palestinian state. Young Palestinians expressed this frustration more strongly than did those of an older generation. Students said they will only be confident of U.S. support when they see new actions on the ground. Older Palestinians were more willing to be patient as the Obama administration tries to achieve results. Official Palestinian Authority and PLO reactions were positive, welcoming the President⿿s strong commitment to the creation of an independent Palestinian state. HAMAS said !
 the speech reflected a "tangible change in ⿦rhetoric and policies" but that it was "full of contradictions." 

OBAMA STEPS INTO THE CYBER WAR (Defense Tech)

Seems like as folks actually read the report rather than just the press releases, they are less than impressed by the results of the 60-day review.  I sent out CNet's analysis yesterday.  Below is the analysis from Defense Tech.

OBAMA STEPS INTO THE CYBER WAR

http://www.defensetech.org/archives/004864.html

In a speech about cyber securitydelivered from the White House East Room President Obama said, "We're not as prepared as we should be, as a government or as a country." This statement came as the much anticipated Melissa Hathaway's sixty day review was released on May 29. The report is titled "Cyberspace Policy Review - Assuring a Trusted and Resilient Information and Communications Infrastructure."

When President Obama announced this sixty day review it was reported to be focused on reviewing the U.S. Government's cyber-security plans, programs, and activities. So many security professionals are left feeling flat. Brian Martin from Spy-Ops said he is at a loss how we ended up with just a "Policy" review; it seems like a long way from the original objective. On February 9th MSNBC wrote in an article that "President Barack Obama on Monday ordered a sixty day review of the nation's cyber security to examine how federal agencies use technology to protect secrets and data."

It seems that there is a discrepancy as to what was expected and what was delivered. Rumors abound that the objective was more toward that reported by MSNBC and many others. Many believe the findings painted a picture that cyber security, as assessed for this report, was so bad that the published report was either a subset of the entire report that was said to be marked "For Official Use Only" (FOUO) or a filler document created after a decision was made not to release the actual findings.

The term FOUO is used to identify unclassified information that is of a sensitive nature. The unauthorized disclosure of information marked as FOUO could adversely impact programs or operations essential to the national interest and security. FOUO information is distributed on a need-to-know basis. Need-to-know is determined by an authorized holder of information that a prospective recipient requires access to specific information in order to perform or assist in a lawful and authorized governmental function, i.e., access is required for the performance of official duties. It was pointed out to me that FOUO documents are exempt from requests under the Freedom of Information Act. One person I talked to said, "60 days to generate a 76 page PDF file that contained 10 totally blank pages and nothing new –- give me a break!" A very interesting observation at best.

On February 8th the Wall Street Journal reported that "She (Melissa Hathaway) will lead a review of the government's efforts to secure computer networks against spies, terrorists and economic criminals and is expected to then head a new White House office of cyber security." The report seems to fall way short of the objectives stated above. The body of the report is less than thirty pages in reality. Perhaps the most valuable and insightful piece is Table 1 through 3: Near-Term and Mid-Term Action Plans. These plans provide a very high level glimpse into what actions will be taken to secure cyberspace and manage the threat to the U.S. economy and national security.

Is there anything revolutionary or unexpected in the report? Not really! However, many have commented that the statement at the top of page thirty-five (see below) is encouraging.

"Work with industry to provide threat information and identify best practices for managing supply chain and insider risks, both from economic and threat perspectives."

Industry involvement is critical if these efforts are going to have any degree of success. The integration of supply chain to reduce the threat of compromised/counterfeit hardware and software is seen as one of the cornerstones for the security foundation necessary to safeguard our critical infrastructure and our computer systems and networks. Given that insiders are estimated at being involved in around 80 percent of security breached, defensive actions to mitigate insider threats is another cornerstone of a security foundation.

-- Kevin Coleman

A war we can fight to win (Foreign Policy: The Argument)

A war we can fight to win

Fri, 05/29/2009 - 7:43pm

http://experts.foreignpolicy.com/posts/2009/05/29/the_cybercop_in_chief

How to combat the biggest security threat you've never imagined. 

By Ken Adelman

There's an old adage about horsemeat: The more you chew, the bigger it gets.  There's a new adage about cyberthreats: The more you know, the scarier they get. 

Cybersecurity is vital to everything we do nowadays, from finance to romance. Just walk around any office -- whether medical, legal, public relations, manufacturing, service, whatever. Nearly everyone there is doing the same thing: sitting before a screen using a computer, mostly online. While cybersecurity is assumed, cyberinsecurity looms. It has morphed into a type of terrorism.

This morning President Obama told how today's terrorism comes "not only from a few extremists in suicide vests, but from a few key strokes of a computer."  He dubbed the ability to cyberattack "a weapon of mass disruption." That's clever, but it shortchanges the danger.

Just last year were some 44,000 incidents causing the Pentagon alarm, no doubt many by Chinese authorities but some by geeky high-school hackers. Attacks across the U.S. federal government rose by some 40 percent last year, and bad guys in Iran got a hold of highly-sensitive blueprints for Marine One, and financial data on U.S. military helicopters. Other hackers apparently got their hands on data galore on the design and electronics of the new Joint Strike Fighter. One could go on.

With so much being so dismal, we'd better focus on three positive points.  They're reflected in the president's remarks today and the report he issued, "Cyberspace Policy Review."

First, cybercrime is a global phenomenon that must be combated globally. We know the threat can come from anywhere. But usually we don't even know where an actual attack came from. U.S. authorities claim that stealing and subsequent selling of at least 40 million credit and debit cards from Barnes & Noble, Sports Authority, Office Max, and other chain stores probably came from Estonia, China, and Belarus. But such theft is hard to trace. 

Cybercrime networks are active on virtually every continent, increasingly collaborating across national borders. As we know from 9/11-type terrorism, an asymmetric threat that doesn't respect borders is tough to detect, and even tougher (frankly, impossible) to deter. With no home address for the attackers, there's no place to retaliate. Hence, the big game has become rougher, at least a lot more chaotic, than existed in the U.S.-Soviet nuclear faceoff, which I worked on over all those many years.

Second, cybersecurity is as much a consumer threat as a national security threat. As Obama put it, "millions... have been victimized -- their privacy violated, their identities stolen, their lives upended, and their wallets emptied." Consumer Reports estimates that one in five online consumers claim to have been victims of cybercrime over the past two years.  Imagine the outcry if one out of five houses in your neighborhood was robbed over the past two years.  You'd surely flee, as your neighbors would.

Cybercrime cost Americans more than $8 billion over the last two years, according to Obama. That number is likely to rise steeply, unless the United States gets its act together. "America's economic prosperity in the 21st century will depend on cybersecurity," the president added.

Third, it's something experts can anticipate and handle fairly predictably. We may not know the precise type of attack coming, but we know they're coming. And combating them is totally in our power.

Hence this is different from the other foreign-policy woes Obama faces. The Afghanistan-Pakistan mess depends so much on a pack of incompetent or corrupt leaders. The Middle East "peace process" hinges on Israelis and Palestinians each getting their own acts together (most dubious) and then wanting to wheel and deal at the same time (hasn't happened yet). North Korean proliferation depends on the craziness of Kim Jong Il, or whatever the hell is happening there. 

In contrast, U.S. policymakers have a great deal of power to determine how cybersecurity will be handled. That's why it's good that Obama is bringing this process into the White House, under the yet-to-be-named "Cyber Czar" (funny, since that's one threat Russian czars never faced, not that they handled any of their threats all that well). 

And that's why this effort may please Hillary Clinton: It does take a village. To put up defenses without inhibiting commerce or infringing on privacy takes government, for sure, but also private industry -- especially key players in the Internet ecosystem - network providers, applications guys, Web developers, software developers, etc.

Let's see if the Obama administration can indeed put this all together. It'd better, or we're totally phished.

Ken Adelman was an ambassador to the United Nations and director of the Arms Control Agency in the Reagan administration. 

Security experts sound off on Obama's cyber czar (USA Today Blog)

Security experts sound off on Obama's cyber czar

http://blogs.usatoday.com/technologylive/2009/06/please-spike-to-monday-story----cyberczar01_st---photo-of-martha---austin-courtesy-dartmouth-college----president-barack.html

President Barack Obama'sannouncement that he will name a senior White House staffer, reporting regularly to him, as the coordinator of a concerted public-private campaign to stem escalating cyber threats could be big step forward for the good guys. Security experts react to the news.

-- Martha Austin, executive director, Institute for Information Infrastructure Protection at Dartmouth College: "Because the vast majority of IT systems that run our nation's critical infrastructures are owned and operated by the private sector, it is imperative -- as the President pointed out -- that the nation's cyber security coordinator make a concerted and determined effort to reach out to the business community. The fact that the President so forcefully expressed his commitment to privacy and net neutrality should reassure the business community that the nation's need to balance security with accessibility will be well considered."

--  Ken Silva, CTO, VeriSign: Obama's plan "underscores just how serious this issue is and that the administration appears to understand the significance. It is just  a call for action; it is not action in and of itself. I'm optimistic that his recommendations will be acted upon."

-- Retired Air Force Maj. Gen. Harry Raduege, chairman, Deloitte Center for Network Innovation: "The president recognizes the fact that cybersecurity has become a critical element, not just for national security, but also for economic opportunities for our nation. The fact that he's going to personally select a person who is going to have direct access  to him, and be a member of the National Security Council and the National Economic Council, is very important."

-- Greg Brown, co-CEO, Motorola: "It is critical that effective, hands-on public-private partnerships are developed. This is a challenge that will require the collaborative efforts of businesses and government to be successful."

-- Ryan Barnett, research director, Breach Security: "We must have broad visibility and coordination in order to realize a new defensible strategy to protect our interests in cyberspace. A national plan for detection, prevention and response to these types of attacks is paramount."

-- Rep. Jim Langevin (D-RI), co-chair, House Cyber Security Caucus. "This White House report is a good starting point for the work that lies ahead … including increased coordination between the private and public sectors and within various government agencies. I am especially pleased to hear President Obama refer to our cyber infrastructure as a "Strategic National Asset" and a top national security priority.  Over the coming months, I look forward to working with the new Cyber Coordinator to fine tune its more general recommendations and make sure we are putting this report into action."

By Byron Acohido

A cybersecurity quiz: Can you tell Obama from Bush? (CNet)

A cybersecurity quiz: Can you tell Obama from Bush?

by Declan McCullagh

http://news.cnet.com/8301-13578_3-10252263-38.html?part=rss&subj=news&tag=2547-1_3-0-5

The U.S. president has announced a comprehensive cybersecurity strategy for the federal government, saying Internet-based threats have risen "dramatically" and the country "must act to reduce our vulnerabilities."

A 76-page White House document calls for a new way of looking at Internet and computer security, saying that private-public partnerships are necessary, collaboration with international organizations will be vital, and privacy and civil liberties must be respected in the process.

Sound familiar? The year was 2003, and the president was George W. Bush, who wrote the introduction to what he called a "National Strategy to Secure Cyberspace."

On Friday, President Obama announced his 76-page "Cyberspace Policy Review"--with precisely the same number of pages as his predecessor's--at an event at the White House.

While the Bush document discusses centralizing cybersecurity responsibilities in the Department of Homeland Security and the Obama document shifts them to the White House, the two reports are remarkably similar. Perhaps this should be no surprise: Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an Bush-era "Cyber Task Force," to conduct the review.

To test your political acumen, we've taken excerpts from both and placed them side by side in the following chart. Can you tell which quotations come from which administration? (An answer key is at the end.)

---

#1: Privacy and civil liberties	"The United States needs a partnership between government and industry to perform analyses, issue warnings, and coordinate response efforts. Privacy and civil liberties must be protected in the process."	"Work with the private sector to explore how best to apply technical capabilities to the defense of the national infrastructure and what legal framework would be required to ensure the protection of privacy rights and civil liberties."
#2: Sophisticated attacks	"The attack tools and methodologies are becoming widely available, and the technical capability and sophistication of users bent on causing havoc or disruption is improving."	"The growing sophistication and breadth of criminal activity, along with the harm already caused by cyber incidents, highlight the potential for malicious activity in cyberspace to affect U.S. competitiveness."
#3: Public-Private partnerships	"The federal government invites the creation of, and participation in, public-private partnerships...The government will continue to support the development of public-private partnerships."	"The federal government should examine existing public-private partnerships to optimize their capacity to identify priorities and enable efficient execution of concrete actions."
#4: Crisis responses	"Providing crisis management in response to attacks on critical information systems...In wartime or crisis, adversaries may seek to intimidate by attacking critical infrastructures and key economic functions or eroding public confidence in information systems response."	"The Federal government's obligation to protect the American people and to provide for the common defense includes a responsibility to ensure that the Nation can communicate and respond in times of crisis. The communications system itself might bear the brunt of such events and must have resilience or the capability to recover."
#5: Coordination	"The United States must improve interagency coordination between law enforcement, national security,and defense agencies involving cyber-based attacks and espionage..."	"The United States (must) achieve a more reliable, resilient, and trustworthy digital infrastructure for the future.... It presents the need for greater coordination and integrated development of policy."
#6: Critical infrastructure	"Our nation's critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance..."	"They have also become essential elements in the operation and management of a range of critical infrastructure functions, including transportation systems, shipping, the electric power grid, oil and gas pipelines, nuclear plants, water systems, critical manufacturing, and many others."
#7: Terrorists	"Malicious actors in cyberspace can take many forms including individuals, criminal cartels, terrorists, or nation states...The speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult."	"A growing array of state and non-state actors such as terrorists and international criminal groups are targeting U.S. citizens, commerce, critical infrastructure, and government...Exploitation of information networks and the compromise of sensitive data...leave the United States vulnerable."
#8: International cooperation	"Enabling our ability to do so requires a system of international cooperation to facilitate information sharing, reduce vulnerabilities, and deter malicious actors."	"Only by working with international partners can the United States best address these challenges, enhance cybersecurity, and reap the full benefits of the digital age."
#9: International organizations	"We are also ready to utilize government-sponsored organizations such as the Organization of Economic Cooperation and Development (OECD), G-8,the Asia Pacific Economic Cooperation forum (APEC), and the Organization of American States (OAS), and other relevant organizations to facilitate global coordination on cybersecurity."	"More than a dozen international organizations including...the Group of Eight, NATO, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the Organization of American States, the Organization for Economic Cooperation and Development...address issues concerning the information and communications infrastructure."
#10: Catastrophic attacks	"Providing continuity of government requires ensuring the safety of its own cyber infrastructure and those assets required for supporting its essential missions and services."	"The Federal government's obligation to protect the American people and to provide for the common defense includes a responsibility to ensure that the Nation can communicate and respond in times of crisis."

Answer key: All of the excerpts from the left column are taken from Bush's National Strategy document from February 2003. The right column represents excerpts from Obama's Cyberspace Policy Review document from May 2009.

Securing Our Digital Future (White House Blog)

The blog entry below is from the White House web site about the recently completed cyberspace review (click here to view report).  It is interesting that they have posted electronic copies of the UNCLAS studies that they reviewed.

Would be interested to hear your comments on the report.

Securing Our Digital Future

Posted by Melissa Hathaway

Melissa Hathaway, Cybersecurity Chief at the National Security Council, discusses securing our nation's digital future: 

The globally-interconnected digital information and communications infrastructure known as cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security.  The United States is one of the global leaders on embedding technology into our daily lives and this technology adoption has transformed the global economy and connected people in ways never imagined.  My boys are 8 and 9 and use the Internet daily to do homework, blog with their friends and teacher, and email their mom; it is second nature to them.  My mom and dad can read the newspapers about their daughter on-line and can reach me anywhere in the world from their cell phone to mine.  And people all over the world can post and watch videos and read our blogs within minutes of completion.  I can't imagine my world without this connectivity and I would bet that you cannot either.   Now consider that the same networks that provide this connectively also increasingly help control our critical infrastructure.  These networks deliver power and water to our households and businesses, they enable us to access our bank accounts from almost any city in the world, and they are transforming the way our doctors provide healthcare.  For all of these reasons, we need a safe Internet with a strong network infrastructure and we as a nation need to take prompt action to protect cyberspace for what we use it for today and will need in the future. 

Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law.  The 60-day cyberspace policy review summarizes our conclusions and outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future.  There are opportunities for everyone—individuals, academia, industry, and governments—to contribute toward this vision.  During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations.   As you will see in our review there is a lot of work for us to do together and an ambitious action plan to accomplish our goals.  It must begin with a national dialogue on cybersecurity and we should start with our family, friends, and colleagues. 

We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced.  We have garnered great momentum in the last few months, and the vision developed in our review is based on the important input we received from industry, academia, the civil liberties and privacy communities, others in the Executive Branch, State governments, Congress, and our international partners.  We now have a strong and common view of what is needed to achieve change.   Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.