President Obama's Unfinished Business

President Obama's Unfinished Business

Election Over; It's Time for Cybersecurity Action

By Tom Field, November 7, 2012. Follow Tom @SecurityEditor
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
Tom Field

If President Barack Obama's second term were a movie sequel, I'd call it "Unfinished Business." Because now it's time for the newly re-elected president to step up and see through the cybersecurity initiatives he spoke about when he first took office.

2014 Fraud Summit Agenda Released - View Session Details >

Remember the 10-point cybersecurity plan Obama unveiled in May 2009, aimed at securing the nation's critical IT infrastructure?

 We're no longer talking about a critical infrastructure at risk; it's under attack. 

That was three-plus years ago. Some elements of that plan have been fulfilled, starting with No. 1. Obama, indeed, appointed a high-profile national cybersecurity coordinator, Howard Schmidt, who served 2.5 years before stepping down and being replaced by Michael Daniel.

And as my colleague Eric Chabrow pointed out the other day in his analysis, Cybersecurity: Obama vs. Romney, there is much the Obama administration has done in its first term:

But there are some key cybersecurity goals that have not been met. Chief among them is the item that was No. 2 on Obama's original 10-point plan: Sign off on an updated national strategy to secure the information and communications infrastructure.

We can all agree that securing the critical infrastructure is essential. And we all recognize that 80 percent of the nation's critical infrastructure is controlled by the private sector. The unresolved question: To what degree should the federal government step in to regulate private industry in the name of securing critical infrastructure? Obama favors more regulation; his Republican opponents in Congress favor less.

On this critical issue, the first Obama term ended in a stalemate. Congress failed to pass the Cybersecurity Act of 2012, which included provisions to establish IT security best practices that could be voluntarily implemented by industry. And Obama hasn't come through on his subsequent threat of an executive order that would create a process to develop these best practices with the private industry stakeholders.

So ... what now?

While politicians have blustered, the threat landscape has changed dramatically. Among the escalated threats we've seen in Obama's first term:

Obama's second term must see a concerted bipartisan effort to address these threats. We're no longer talking about a critical infrastructure at risk; it's under attack.

Which brings me back to "unfinished business." With re-election behind him, Obama now has the opportunity to think about his legacy. He has every chance to become our first true "cybersecurity president." But that will happen only if he can bridge gaps - not just between parties, but between public and private sectors - and oversee enactment of legislation and defensive measures that truly address our vulnerabilities.

A cybersecurity plan is no longer sufficient. Now it's time for action.

Follow Tom Field on Twitter: @SecurityEditor

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Authentication: Going Beyond the User

Stronger authentication is just a piece of the fraud-prevention puzzle. Emphasis is now being...

Latest Tweets and Mentions

ARTICLE Authentication: Going Beyond the User

Stronger authentication is just a piece of the fraud-prevention puzzle. Emphasis is now being...

The ISMG Network