U.S. cyber-security strategy yet to solidify

By Ellen Nakashima
Washington Post Staff Writer
Friday, September 17, 2010

More than a year after President Obama made a White House speech proclaiming the protection of computer networks a national priority, the federal government is still grappling with key questions about how to secure its computer systems as well as private networks deemed critical to U.S. security.

The administration unveiled a cyberspace policy review last year, and Obama appointed a White House cyber coordinator in December to synchronize the government's efforts.

But the administration is still debating whether it needs new legal authorities - to strengthen the government's ability to defend private-sector networks, for example - or whether current law allows such actions. Meanwhile, critics say officials have not adequately assuaged privacy concerns or determined the extent to which the government should regulate or collaborate with the private sector to ensure that telecommunications companies, electric utilities and other critical industries are protected against hackers.

Congress, meanwhile, has crafted dozens of bills with varying prescriptions to improve the country's cyber security - including one that would place new security requirements, enforceable by the federal government, on certain elements of critical private-sector networks - but the White House has yet to weigh in with a position on any of them.

"There's a degree of caution about what direction to move, how far to move," said James A. Lewis, a national security expert at the Center for Strategic and International Studies. "You've got a lot of agreement on what the problem is but very little agreement on the solution, both within the government and outside."

Officials have warned of the dangers of failing to address the threat, saying that a sophisticated cyber attack could cripple U.S. computer networks and threaten the nation's economic security.

The Pentagon's second-in-command, Deputy Secretary William J. Lynn III, recently stated that more than 100 foreign intelligence organizations are trying to hack into the military's digital networks. Indeed, the Pentagon has been battling a series of significant and long-standing intrusions into military networks by foreign adversaries looking to steal secrets worth potentially billions of dollars in terms of information technology and development of military capability, sources said.

Lynn asserted that the threat to the intellectual property of businesses, universities and the government may be "the most significant cyber threat" facing the country.

The president's cyber coordinator, Howard Schmidt, said in an interview that the administration was deliberating the appropriate regulatory role for the federal government but that the emphasis must be on collaboration.

"It's very clear," he said. "We've recognized it's a partnership."

He noted that officials have reduced the number of government "gateways" to the Internet, which makes network monitoring easier; begun connecting federal network security centers so that technicians can better see what's happening on computers across the government; and crafted a national cyber-emergency response plan.

Schmidt has also touted a proposal to enable computer users, if they wish, to obtain a "smart identity card" that authenticates their identities for online banking and other online transactions.

CONTINUED     1        >

© 2010 The Washington Post Company