More than a month of waiting is over: President Barack Obama will release the results of his 60-day review of the government's cybersecurity posture this week and announce the creation of a cyberczar with a broad mandate to protect both public and private networks from cyberattacks, reports The Washington Post.
The adviser will have the most comprehensive mandate granted to such an official to date and will probably be a member of the National Security Council but will report to the national security adviser as well as the senior White House economic adviser, said the sources, who spoke on the condition of anonymity because the deliberations are not final.
The announcement will coincide with the long-anticipated release of a 40-page report that evaluates the government's cybersecurity initiatives and policies. The report is intended to outline a "strategic vision" and the range of issues the new adviser must handle, but it will not delve into details, administration officials told reporters last month.
The Post reports that when it comes to protecting private networks, the review pushes public-private partnerships. Regulation, the papers says, is the last resort. The reason the cyberczar will report to both the national security advisor and the senior White House economic advisor, Lawrence P. Summers, is because of Summers' fear that onerous government cybersecurity regulations could disrupt economic growth.
The paper also notes that the review does not discuss the controversial role of the National Security Agency (NSA)—the nation's, if not the world's, premier electronic surveillance agency. Critics argue the NSA is too secretive to watch over and protect private sector networks.
Over at The Washington Times, three cybersecurity heavyweights also argued that the White House must promote public-private partnerships as the best way to make the nation's cyberinfrastructure "cyberresilient."
Rep. James R. Langevin (D-RI), co-chairman of the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency, Mark Gerencser, a senior vice president at Booz Allen Hamilton, and Charles G. Boyd, president and chief executive officer of Business Executives for National Security, argue public-private partnerships are the only way to keep U.S. public and private networks up and running in spite of attacks.
Whether they realize it or not, companies, government agencies and other organizations are part of an interconnected system that cannot absorb a major attack. Narrow-point solutions such as firewalls, anti-virus software and intrusion-detection technology help, but they don't suffice.
True protection requires cyberresilience. That can be achieved only through collective action and cooperation on a scale rarely witnessed before: a national effort involving business, government and society - similar to the way "Y2" - the apprehension about what would occur with the advent of the year 2000 - was approached, but designed for the long haul and not just one event.
No single organization has the capacity to build this resilience. We need to work as a large and inclusive community across government, industry and nonprofit organizations - a megacommunity of sorts.
Without such common cause, the authors conclude, we leave everything from our power grids to our financial networks at risk when a large-scale cyberattack does occur.
♦ Photo by amelungc/Flickr