President's Obama's notion of transparency in government apparently extends to cybersecurity.
Transparency in cybersecurity!? Do we want the bastards to know our every move? Threats and intrusion attemtps against banking networks, for example, are rising fast. Nearly half of the 56,000 cases of cyber wire fraud in the last dozen years occurred in the past two years. After all, that's where the money is. With the Smart Grid coming on line, the number of appealing cyber targets is expanding.
In many developing countries, cybersecurity isn't even illegal yet. Yikes. So we hardly want to telegraph our plans to cyber terrorists and disguntled and fired employees about how we'll catch them or better, discourage them.
Well, let's give new White House cybersecurity coordinator Howard Schmidt his say. He unveiled his top priorities yesterday at a the RSA Conference in San Francisco. He also posted his thoughts in a "Transparent Cybersecurity" post on his National Security Council blog.
"Transparency is particularly vital in areas, such as the CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity. Transparency provides the American people with the ability to partner with government and participate meaningfully in the discussion about how we can use the extraordinary resources and expertise of the intelligence community with proper oversight for the protection of privacy and civil liberties." he wrote.
The CNCI, by the way, is the Comprehensive National Cybersecurity Initiative which was posted on the White House web site yesterday. The CNCI was launched by President Bush in the last year of his presidency and has since been strengthened and massaged to work in transparency.
The good news is that White House has made cybersecurity a priority and hired a veteran like Schmidt in December (a job few wanted, by the way) to oversee battening down the cybersecurity hatches.
Whether transparency in cybersecurity is a good idea remains to be seen, but rule of thumb is that when the federal government does things in secret, abuses invariably occur. So I am willing to give transparency in cybersecurity a chance even though the oh-so-vague T word is oh-so-liberally thrown around.
A year ago, Obama acknowledged our cybersecurity defenses were inadequate and ordered a thorough policy review which recommended the hiring of a czar with regular access to the Oval Office. With civil liberties and transparency top of mind, the CNCI came up with three "mutually reinforcing" directions (don't you love government lingo....mutually reinforcing" seems so redundantly redundant.)
-- "To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions."
-- "To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies."
-- "To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace."
To accomplish these, Schmidt's plan includes a dozen key intiatives from creating cyber counintelligence to consolidating myriad federal networks into a single enterprise with so-called "Trusted Internet Connections" or TICs for short. Public private partnerships, intrusion detection systems, cybersecurity R&D and education and other topics are covered in this sweeping document.
Most of the bases are covered. Now, Schmidt has to navigate the federal bureacracy in the full glare of transparency to pull it off.
Follow me on Twitter.