Obama's speech this morning could be seen as his first step toward trying to position cybersecurity as a mainstream issue. He defined "digital infrastructure" as "the backbone that underpins a prosperous economy and a strong military and an open and efficient government."
The presidential imprimatur also helps. Obama said that he would personally select the cyber czar and vest the office with the authority and resources needed to get the job done.
"I'll depend on this official in all matters relating to cybersecurity, and this official will have my full support and regular access to me as we confront these challenges," he said.
But in structuring the position in the NSC and NEC, Obama backed off from a campaign promise to establish a cyber advisor who would report directly to him.
"It is critical that President Obama establish clear leadership at the top to drive a significant cybersecurity focus," Chris Schwartzbauer, senior vice president at security firm Shavlik Technologies, said in a statement e-mailed to InternetNews.com.
In addition to bringing together senior officials at the various agencies, the cybersecurity coordinator will also be a liaison to private industry and Congress.
As the administration's cybersecurity point person on the Hill, the cyber czar will have a full plate.
Given the apparent focus on coordination, the administration's legislative agenda for cybersecurity could begin with an issue like setting a uniform national requirement for data-breach notification to replace the patchwork of 44 different standards in place today.
"I think they would start with standardization," TechGuard CEO Suzanne Magee told InternetNews.com. "It's very hard to bring everything together without standardization."
Following several failed attempts in previous sessions, data-breach legislation is back on the table in this Congress.
Another issue that the cyber czar will likely dive into is the push to update the Federal Information Security Management Act (FISMA), which established baseline criteria for secure computing practices in the agencies.
"In my view, FISMA serves a useful function because it defines how the risk assessment, control selection and audit processes are supposed to work at a federal level," Forrester analyst Andrew Jaquith wrote in a blog post. "This is good, but it is important to remember that FISMA is mostly about compliance with a security program and its processes, and not about the effectiveness of the security itself."
Regarding the private sector, Dunkelberger said he took comfort in Obama's pledge not to impose security regulations on the industry, as well as the commitment to Net neutrality he reiterated this morning.
"They're going to continue to focus on the what, and they're going to let industry focus on the how," he said.
Article courtesy of InternetNews.com.