It's time to start to think about the cybersecurity agenda for the 45th president of the United States, who takes office a year from this week. And we need your help in identifying what the next president's cybersecurity challenges will be (see end of this blog).
See Also: Public, Private & Hybrid Cloud: Why Compliance (Done Right) is the Easy Part
No doubt, the next president will make cybersecurity an administration priority. President Obama did that early in his administration. Weeks after being sworn-in in 2009, he tapped a national and homeland security adviser, Melissa Hathaway, to conduct a 60-day interagency review (it actually took 109 days) of the federal government's cybersecurity plans and activities.
Hathaway's assessment culminated in a 10-point cybersecurity action plan that Obama issued May 29, 2009. It became the cornerstone of the Obama administration's IT security agenda for the remainder of his term.
But the genesis of that plan occurred two years earlier - in August 2007, a dozen months before Obama was nominated - when the think tank Center for Strategic and International Studies quietly formed the Commission on Cybersecurity for the 44th Presidency, co-chaired by U.S. Reps. James Langevin, D-R.I., and Michael McCaul, R-Texas; Microsoft cybersecurity thought-leader Scott Charney; and retired Air Force Lt. Gen. Harry Raduege, former director of the Defense Information Systems Agency. A month and a day after Obama's election, the star-studded commission of top cybersecurity policymakers issued its report titled Securing Cyberspace for the 44th Presidency, which helped the new president and his advisers map out the administration's cybersecurity agenda.
Obama Legacy
Obama accomplished a lot on the cybersecurity front, although the effectiveness of each of his actions is debatable. For instance, he created the position of cybersecurity coordinator, with the rank of special assistant to the president. But that job - which took nearly a year to fill - didn't have the authority many in the cybersecurity community felt it should. "If you're going to appoint a cybersecurity czar, you have to give him actual budgetary authority - otherwise he won't be able to get anything done," cybersecurity author Bruce Schneier wrote in 2008. The post did not have budgeting authority; I'll leave it to you to decide what the two cybersecurity coordinators - first Howard Schmidt then Michael Daniel - accomplished.
The administration has undertaken dozens of cybersecurity initiatives, including issuing the cybersecurity framework - a plan to help critical infrastructure operators to secure their information assets; spurring cyberthreat information sharing between government and business; and creating an initiative to secure online transactions, to name a few.
But the federal government on Obama's watch had many cyber challenges, most notably major breaches, including the hack of computers at the Office of Personnel Management, exposing the personal information of some 21.5 million individuals. The consequences of the breaches and rapidly evolving cyberthreats will not go away with Obama's departure from the White House.
What Next?
Despite Obama's accomplishments, much more must be done by the next president. For instance, cyberthreat information sharing is now law, but it's voluntary for businesses to participate, and the new administration must to figure out how to make it work.
What other cybersecurity initiatives do you believe the next president must tackle? Share your thoughts in the box below and/or on Twitter with the hashtag #Cyber45Prez.