“The status quo is no longer acceptable,” President Obama declared, announcing that the results of the White House’s 60-day cyberspace policy review, a 38-page report that dismally concludes that the federal government is not properly set up to handle the growing problems of cybersecurity, either now or in the future. The president announced the creation of a cyber czar position, the head of the White House office of cybersecurity, to be named soon (rumor has it that the National Security Council’s acting senior director for cyberspace, Melissa Hathaway, who oversaw the policy review, will get the job). In recognition of the importance of technology to our economy, the cyber czar will report on his or her efforts to secure government, financial, and infrastructure systems to not only the NSC, but also the National Economic Council.
The cyber czar is just one of the five points in the strategy laid out by the cyberspace policy review; the other four are: national dialogue, aimed at increasing public awareness and education; cooperation, both public-private and with key U.S. allies; a comprehensive framework that enables information sharing and coordinated responses to cyber threats; and capturing the power of innovation to meet defined security objectives.
On Thursday, the Pentagon announced its own plan to create a new military command for cyberspace, which would be tasked with organizing the military’s various cyber capabilities. While the Pentagon’s plan hasn’t been formally presented to the president yet, he is expected to sign a classified order for its creation within weeks. While the president’s announcement focused on defensive capabilities, the creation of a high level office and a cybercommand indicates the administration’s recognition of cyberspace as a domain of warfare and willingness to pursue offensive cyberoperations. The question of who will conduct such operations remains unanswered—this longstanding bureaucratic dispute between the National Security Agency and the Pentagon could be a large headache for the new cyber czar.
In the meantime, both the White House and Pentagon announcements are a huge step in the right direction—cybersecurity has been overlooked in our national security strategy for too long, as recent revelations of vulnerabilities in U.S. power grids and military networks show.