Obama taps former NSA CEO to head up cybersecurity

18.02.2016
In the waning months of the Obama administration, the White House is racing to lay the groundwork for an enduring plan to shore up the nation's critical digital infrastructure.

Yesterday, President Obama described the digital age as a sort of double-edged sword, at once delivering "incredible opportunity, incredible wealth," while also presenting a new set of complex and evolving security challenges that arise from an environment where "more and more of our lives are being downloaded, being stored, and as a consequence are a lot more vulnerable."

[ Related: Government ranks last in fixing software security holes ]

Public-private sector cooperation win-win for cybersecurity efforts

Obama's Cybersecurity National Action Plan called for the formation of a bipartisan commission to develop an enduring but adaptable framework for how federal agencies should improve their own security posture, and work with members of the business community and state and local governments to establish a better coordinated system for defending against cyber threats.

In that spirit of public-private cooperation, Obama has tapped his former national security advisor, Tom Donilon, to chair the commission, and former IBM CEO Sam Palmisano to serve as vice-chair.

"So with a chairman who understands government and national security issues, a vice-chairman from the private sector who understands the intimacies of computing, of the digital world, the economic aspects of this, I think we've got two of the best possible people to chair this -- to head up this effort," Obama says.

Obama established cybersecurity -- along with numerous other IT issues -- as a high priority early on in his administration, and on Wednesday cited "enormous progress" that departments and agencies have made on that front, but seemed to characterize those efforts as incremental, "chipping away at the problem, trying to upgrade certain systems, trying to patch over certain security vulnerabilities."

With the new cybersecurity commission, the White House is casting a wider net, tackling what Obama says will "be a big agenda, a long-term agenda that is extremely complicated, extremely technical, and is going to require us to overhaul a bunch of legacy systems that are already in place."

[ Related: Obama's cybersecurity agenda bold, but relies on untested funding, experts say ]

Joining Donilon and Palmisano on the commission will be Homeland Security Secretary Jeh Johnson and Commerce Secretary Penny Pritzker, as well as other administration officials and members of the private sector and academia, the president says.

Cybersecurity figures prominently in the president's latest budget request. Of the nearly $90 billion Obama would like to spend on government IT systems, some $19 billion would be channeled to various security programs, including a fund to modernize agencies' legacy systems and efforts to train and hire more experts in the field.

[ Related: Obama wants more cybersecurity funding and a federal CISO ]

The new commission is tasked with producing a report by Dec. 1 that will address the whole of those challenges, but take a longer-term approach in doing so. In particular, Obama notes that the commission will be responsible for developing strategies to shore up the massive federal databases that house sensitive data about U.S. citizens, devise education strategies to keep the public informed about the latest threats and methods for protecting their personal information, and set a framework for the government to coordinate with the private sector.

Of the panel's mission, Obama explains that its "task was not to generate some fat report that collects dust, but in a timely way focuses on what are the long-term challenges that we face, what are the systems that we need to build, and can set a clear sense of direction for the federal government, working in concert with the private sector, state and local actors for the next five years, 10 years, 20 years, so that we can make sure that we get the benefits of the Internet and utilization, and not the dangers and threats."

(www.cio.com)

Kenneth Corbin