Obama To Name Cyber Czar To Combat Cyber Terrorism: A Can Of Digital Worms?

In the latest evidence that the Obama administration may soon end up with more czars than in the entire history of pre-communist revolution Russia, President Barack Obama announced that he’ll be appointing a cyber czar to his administration and for the first time for any American administration will seriously put the potential issue of cyber security needed to combat cyber terrorism on the nation’s front burner.

The question: This is an issue that will involve various governments, the U.S. government plus private industry. In this new frontier of promise — and peril — called cyberspace, will a Czar appointed by a U.S. president truly have the kind of authentic clout and reach to make a real difference? And will governments and private industry be on the same wavelength?

Still Obama’s announcement was unprecedented:

President Barack Obama said Friday he will appoint the nation’s first cyber security czar to help protect the nation’s telecom infrastructure and information systems that have grown so crucial to industry, the military and individual citizens.

In an address, he noted that cyber crime cost Americans $8 billion last year, according to one survey, and that intellectual property theft worldwide in 2008 cost businesses up to $1 trillion while an estimated $132 billion was spent through e-commerce.

“America’s economic prosperity in the 21st century will depend on cybersecurity,” Obama said. “And this is also a matter of public safety and national security. We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control. Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness…

“For all these reasons, it’s now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation,” the president added. “It’s also clear that we’re not as prepared as we should be, as a government or as a country.”

But can (yet another) czar make a difference? The Christian Science Monitor notes that what may seem a no-brainer at first blush is a brainer:

But in doing so, he will be arranging a marriage between government and private industry when each might be happier staying single. Industry efforts to counter cyber attacks tend to be more effective than public efforts. And companies are wary of sharing their information with one another, let alone the government.

“We’ve developed an environment in which there is cooperation, but I think there is still a lack of trust,” says Neill Sciarrone, who was special assistant to President Bush for cyber security and information sharing.

Obama said he will develop a strategy without pushing onerous regulations on an industry wary of such intervention. He also sought to assure Americans that he does not support violating their own privacy to achieve his ends.

“Our pursuit of cyber security will not, I repeat, will not include monitoring private-sector networks or Internet traffic,” he said. “We will preserve and protect the personal privacy and civil liberties that we cherish as Americans.”

The administration will walk a fine line, says Mark Gerencser, senior vice president with Booz Allen Hamilton, a consulting firm in Washington, who participated in a cyber-attack “war game” in December with top Pentagon and Homeland Security officials.

“One of our clear findings was balancing privacy and security, and that has to be kept in mind,” he says. “Given our freedoms and liberties that we value so dearly, some security measures just won’t work.”

Making policy will not be easy, the Monitor’s piece notes:

The answer to cyber-security problems also lies in creating a policy in which offensive and defensive operations work together, experts say.

The US, Mr. Gerencser says, should be playing soccer – one set of players for both offense and defense. But instead, it’s playing football, using different players for different operations.

“The real problem is that cyber is one of those issues that affect private and public sectors,” he says. “The government can’t do it by itself.”

Yet the government has problems sharing information, raising questions about just who’s in charge, Ms. Sciarrone says. For example, the Pentagon protects all “dotmil” websites and e-mail networks, and the Department of Homeland Security is charged with protecting all “dotgov” entities. But for the most part, the two agencies aren’t well integrated to confront the problem.

Still, Gautham Negesh, writing in NextGov, says this is long overdue:

President Obama’s speech today and the release of Melissa Hathaway’s 60-day cybersecurity review are clear signals that cybersecurity is finally getting the attention it deserves, especially given its strategic importance to national security. As Obama said in his speech, technology now controls everything from our weapons to our water supply. Protecting our networks has become synonymous with protecting our borders. So why has it taken so long for the issue to reach the highest level?

As many cybersecurity experts have told me over the past couple years, almost everything worth taking from the government in terms of data has already been pilfered by hackers, organized crime and foreign governments. Everything from the design of our latest military aircraft to the president’s campaign Web site has been penetrated, phished, downloaded or shut down completely. And yet somehow the issue remained below the radar of past presidents. To some, today’s announcement is a bit like shutting the barn door after the horses have already been stolen.

As good news as this is for cybersecurity, the report still doesn’t clear up the turf war over who will have responsibility for securing federal networks, particularly with regards to offensive capabilities. There was no mention of the National Security Agency on Friday, beyond Obama’s assurance that the government would not be monitoring Internet traffic. Likewise, no mention was made of the Pentagon’s plan to create a new military command for cyberspace.

Still, he sees this as a big plus — and says Obama’s action and attitude are unprecedented…and a political landmine for the President:

Obama has done what no other president so far has been willing to do: shoulder the responsibility of protecting the nation from cyberattacks. Whereas in the past the attacks were either covered up or treated with a shrug, Obama has promised to make cybersecurity a national security issue and a management priority. While that’s certainly admirable, it also makes him accountable if, or rather when, the next massive data breach occurs.