{"id":7,"date":"2009-01-12T09:18:28","date_gmt":"2009-01-12T14:18:28","guid":{"rendered":"http:\/\/blogs.law.harvard.edu\/internetahead\/?p=7"},"modified":"2009-01-12T09:18:28","modified_gmt":"2009-01-12T14:18:28","slug":"cybersecurity","status":"publish","type":"post","link":"https:\/\/archive.blogs.harvard.edu\/internetahead\/2009\/01\/12\/cybersecurity\/","title":{"rendered":"Cybersecurity"},"content":{"rendered":"<p>Cybersecurity is an important field of national security with which the Obama administration must contend.\u00a0 Currently, the United States government is extremely unprepared for any kind of cyber attack.\u00a0 In his 2008 Annual Threat Assessment <a href=\"http:\/\/www.govexec.com\/dailyfed\/0308\/030608bb1.htm\" target=\"_blank\">testimony<\/a>, Director of National Intelligence Mike McConnell finally acknowledged the importance of cybersecurity, but admitted that the country is &#8220;not prepared to deal with it.&#8221;<\/p>\n<p>This comment was certainly reinforced by a recent &#8220;cyberwar&#8221; <a href=\"http:\/\/www.reuters.com\/article\/technologyNews\/idUSTRE4BI00520081219?sp=true\" target=\"_blank\">simulation<\/a> conducted by U.S. government and industry representatives this past December.\u00a0 In the simulation, officials had to contend with a surge in computer attacks at a time of economic instability\u2014a not unlikely scenario in today&#8217;s world.\u00a0 However\u2014despite Bush&#8217;s recent cybersecurity initiative that attempted to address this exact kind of situation\u2014the game participants committed planning and communications errors and failed to properly reduce the damage done by the attacks.<\/p>\n<p><!--StartFragment--><!--StartFragment--><!--StartFragment-->Luckily, President-elect Obama has already vowed to strengthen the nation&#8217;s cyber infrastructure in a number of ways.\u00a0 In a <a href=\"http:\/\/change.gov\/agenda\/homeland_security_agenda\/\" target=\"_blank\">position pape<\/a>r on his website, Obama makes some of the following promises:\u00a0 To &#8220;strengthen federal leadership on cyber security&#8221; by appointing\u00a0 a national cyber advisor to coordinate and articulate national policy, to develop new and more secure hardware and software, to establish new IT standards for cyber security and physical resilience, and to prevent corporate cyber-espionage in order to protect the nation&#8217;s trade secrets. \u00a0<\/p>\n<p><span>These initiatives are all good starting points for the improvement of cyber security; however, Obama&#8217;s recommendations are fairly generic and fail to articulate how he will build upon the work done during the Bush Administration.\u00a0 After Chinese hackers managed to steal e-mail data from the Pentagon&#8217;s server in 2008, President Bush enacted a new <a href=\"http:\/\/www.newsweek.com\/id\/119902\/\" target=\"_blank\">Cyber Initiative<\/a> (Presidential Directive 54)<\/span>.\u00a0 The initiative is a multiagency project that will create a new monitoring system for federal networks and that will also allow for data exchange with the private sector.\u00a0 Additionally, the Cyber Initiative will implement new smart-cards for employees and contractors (over the next few years) and will upgrade federal networks to a more secure IPv6 protocol.\u00a0 As President, Obama should improve upon these projects and remove some of the secrecy surrounding Bush&#8217;s Initiative.\u00a0 In this way, citizens can be assured that they will be protected at the same time that their privacy rights are protected, and the private sector can better cooperate with the government in order to prevent a security flaw or attack.<\/p>\n<p>Other individuals and groups have also made some suggestions for the Obama administration that are worth noting.\u00a0 We believe that one of the most important of these is also one of the most basic:\u00a0 Obama needs to delink the connection that exists between federal cybersecurity efforts and the Bush war on terror.\u00a0 This <a href=\"http:\/\/www.infoworld.com\/article\/08\/12\/01\/Challenges_await_Obama_in_bid_to_build_up_security_1.html\" target=\"_blank\">recommendation<\/a>, made by Gartner analyst John Pescatore, seems pertinent.\u00a0 In the post 9\/11 world, the Bush administration has been overly concerned with the overall direction of the war on terror and has failed to address the more immediate threats to the federal cyber infrastructure. \u00a0<\/p>\n<p>Several <a href=\"http:\/\/www.csis.org\/media\/csis\/pubs\/081208_securingcyberspace_44.pdf\" target=\"_blank\">suggestions<\/a> made by the Center for Strategic and International Studies (CSIS) could also help guide the Obama administration.\u00a0 The CSIS Commission on Cybersecurity states that the acronym DIME\u2014diplomatic, intelligence, military, and economic\u2014should guide the new President, along with an emphasis on law enforcement.\u00a0 In other words, a cybersecurity program needs to be comprehensive and multi-dimensional in order to effectively ward off cyber attacks. \u00a0 Such a program would\u00a0 require central coordination; the Commission suggests creating a new office for cyberspace in the Executive Office of the President.\u00a0 Perhaps Obama&#8217;s proposed national cyber advisor could direct such an office, ensuring communication and cooperation with homeland security agencies (NSA, CIA, etc.) and technology agencies (perhaps the CTO&#8217;s office, if\/when it is created) alike.<\/p>\n<p><!--StartFragment--><!--StartFragment-->In addition, the CSIS recommends that the government buy only secure products.\u00a0 As the largest single customer of information technology, the U.S. is extremely vulnerable to product flaws, the smallest of which could be devastating to national security.\u00a0 With such a policy in place, combined with promises to build the government&#8217;s relationship with the private sector, the Obama administration would be significantly less exposed to attacks (such as the one that occurred last year).\u00a0 Combined with better authentication of digital identities, cyber infrastructure will be much safer in the U.S.<\/p>\n<p>While all of the above-mentioned initiatives would greatly improve cybersecurity in the United States, one important caveat must be made:\u00a0 Privacy rights must be preserved.\u00a0 One can easily get caught up in the wonders of new technology or security initiatives, but civil liberties are one of the most fundamental values articulated in the U.S. Constitution and must be considered before implementing any new program.\u00a0 As we have mentioned in previous posts, the NSA&#8217;s warrantless wiretapping was a blatant and unnecessary intrusion on privacy rights, and should never occur again. \u00a0<\/p>\n<p>This warning is particularly applicable if the U.S. government begins to work more closely with the private sector.\u00a0 While we fully encourage the government to coordinate with private companies, there should be clearly articulated rules and guidelines that limit what information can be shared.\u00a0 Such a request is not unreasonable.\u00a0 In fact, it is merely a matter of openness and oversight:\u00a0 A new cyberspace office would be able to monitor data sharing and coordination, and would be able to maintain the delicate balance between civil liberties and national security.\u00a0 Hopefully, President Obama will be aware of this need when constructing a more detailed vision for cybersecurity and will learn from the mistakes of the secretive Bush administration.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity is an important field of national security with which the Obama administration must contend.\u00a0 Currently, the United States government is extremely unprepared for any kind of cyber attack.\u00a0 In his 2008 Annual Threat Assessment testimony, Director of National Intelligence Mike McConnell finally acknowledged the importance of cybersecurity, but admitted that the country is &#8220;not [&hellip;]<\/p>\n","protected":false},"author":2003,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/posts\/7","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/users\/2003"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":0,"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/internetahead\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}