In the last few weeks, the Obama White House has made some bold moves in the cyber arena. It has been quite a while coming. Delayed gratification seems to be the strategy with regard to cyber.

After the delayed release of their Cyber Space Policy document in May of 2009, it looked as if there would be a new cyber sheriff in town. The delay occurred after Melissa Hathaway turned in her report within the 60 days Obama gave her. It was due to a tug of war between the National Security Staff and the National Council of Economic Advisors, who both (correctly) saw huge interests in how cyber was played.

Next, it took another six months or so to find a suitable National Cyber Coordinator who would accept the honor. Fortunately for us, Howard Schmidt finally said yes. He has been deliberately methodical and low key, and has worked to “nug out” the little details other “celebrity” appointees would have probably ignored. Regardless, the forward motion felt glacial.

The next two big benchmarks remain highly controversial. The first of these was the establishment of U.S. Cyber Command collocated with the National Security Agency (and sharing the same boss in GEN Keith Alexander). The second, related to the first, was the memorandum of agreement between DoD and DHS for cooperation, info sharing, and direct support between Cyber Command and DHS to defend the government’s civilian networks. These took most of 2010 and part of 2011 to take place.

That brings us back to the dual punches of May 2011. The White House’s legislative proposal and the release of an international cyber strategy frankly caught most of us by surprise (as I have written before). Just when many big Federal Integrator firms and tech companies were beginning to doubt the wisdom of many of the investments they made to address the cyber market, it appears we will have movement that might kick lose some spending on the government’s part.

Well, after a few weeks, most of us are still confused. The legislative proposal has gotten a cool reception on the Hill. While it does mirror some elements of the leading congressional contenders, it also has some hot buttons in it that are serious “no-go’s” for key Legislators. Most of the issues reside in elements that are seen as expansions of Executive Branch power (Internet Kill Switch, ability to dictate to critical infrastructure companies, etc).

The International Strategy is not controversial at all, but that is because it is not terribly substantive. One commentator said “It is a lot of Motherhood and apple pie.” The commentator was being kind. It does not say anything “wrong,” but it is not exactly the definitive guide one would have expected for a document that drew multiple Cabinet members and other senior Departmental representatives to its roll out.

In short, industry players (and the cabinet agencies) are back in the starter blocks, ready to dash, but the starting gun was a bit weak and tentative. They still have not divined the Obama Administration’s direction for cyber to a degree that will allow them to move forward. We badly need to stimulate action.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More