On 29 May 2009, President Obama released the results of his initial 60 Day review of Cyber Security policies. This long awaited release was accompanied by a Presidential address and a great deal of anticipation. The anticipation came from the hold that nearly everyone had put on their cyber security efforts as they waited for the report. We were all so excited that many saw the report’s release as having metaphorically crossed the finish line. In fact, it was only the sound of the starter’s gun.
We are finally beyond the campaign rhetoric, the speculation, and the studying of the problem, and can begin the difficult but essential process of building proper structures, devising the effective policies, and passing appropriate laws through which the President’s strategies to deal with this significant problem will be operationalized.
Several statistics were quoted in both the remarks and the Report that actually barely touch the surface of the problem, but which are sufficient to show the magnitude of what we face. Quoting the CSIS report, “Commission on Cyber Security to the 44th President”, they note that the cyber security issue set is “one of the most urgent National Security threats we face”. Former Chairman of the Joint Chiefs of Staff, General Peter Pace, in discussions with IBM executives went even further, saying that “Cyber security is THE most important national security issue confronting the United States today.”
The report points to threats to our information and its value to the nation. It states that in the last two years, cyber crime cost the American people over $8 Billion, and every year world wide theft of intellectual property through cyber means costs companies and countries over $1 Trillion. The threat goes beyond information and data. The report also mentions that Al Qaida, and other terrorist groups have stated that they desire to unleash a cyber attack on the United States, that is surely aimed at more than just the disruption of data and information. Their willingness to kill innocent people around the world, and their continuing efforts to obtain weapons of mass destruction speaks volumes of the potential they see for terror in the cyber realm. The Intelligence Community has confirmed that a number of countries have developed the capability to conduct cyber warfare. President Obama used the example of the attack on Georgia by the Russians in 2008 where the ground / air attacks were preceded by several very sophisticated cyber assaults a “glimpse of the future face of war.” The capabilities to attack the now networked SCADA systems of out industries and utilities give even small groups a truly asymmetric means to attack physical infrastructure. How elegant might this seem to a terrorist or small country, when they can strike, kill and destroy with the push of an enter key from a continent away.
The President understands the problem, and has decided to address it. Those who think that the release of the report will now solve all the problems are sadly mistaken. We have only begun the process. I plan on providing a section by section analysis of the report over the next few days. I will look at the Near Term Action Plan, and each of the five main chapters; Leading from the Top, Building Capacity for a Digital nation, Sharing Responsibility for Cybersecurity, Creating Effective Information Sharing and Incident Response, and Encouraging Innovation.