Expert: Obama's cybersecurity response disappointing in scope

President Barack Obama's announcement today (May 29) that he will create a cybersecurity coordinator in the White House with responsibility for information security is a step in the right direction, but more has to be done to protect America's network infrastructure from attacks, according to an Indiana University cybersecurity expert.

Fred H. Cate, a professor in the IU Maurer School of Law and director of the Center for Applied Cybersecurity Research, said Obama's announcement -- which coincides with the release of a 60-day cybersecurity review -- will help ensure America's digital infrastructure is secure.

"But it is only a first step," Cate cautioned.

Cate and the CACR contributed comments to the 60-day review, which was ordered by Obama in February. Its release was delayed six weeks over reported disagreements within the administration over how the new cybersecurity position would be managed.

Since then, significant data network breaches have occurred across the country, including attacks on the Joint Strike Fighter project's networks, hackers from China and Russia infiltrating the U.S. electrical infrastructure, and thieves demanding $10 million in ransom for the return of personal health data stolen from a Virginia state government Web site.

"We have become increasingly aware of how vulnerable those types of systems are to attack and how urgent the need is to secure them through an almost daily disclosure of major incursions into our information networks and sensitive data," Cate said. "Bold, strategic leadership and a significant investment of resources -- financial and otherwise -- are necessary to make our information and the systems that process it more secure.

"The president's announcement today reflected a clear understanding of how critical information systems are to our economy and our lives, but the plan for moving forward lacked the sense of urgency that the vulnerability of those systems and the wide range of pressing threats require," Cate said.

To secure those systems, Cate urged the White House and Congress to:

• Create better incentives, including adopting regulations, to encourage companies to take the obvious steps to protect data and information systems.
• Modernize privacy law so that individual privacy isn't eviscerated, as well as public support, in the quest for stronger security.
• Prioritize threats, responses and resources, so we do a better job of anticipating, not merely responding to, cyber threats and vulnerabilities.
• Invest in cybersecurity research and deployment "like we mean it."

"Today's announcement is only a beginning," Cate said. "The president is going to have to do more, and more quickly, if we are to catch up — much less get ahead — in the race to secure our nation's most critical resources from attack."

Cate is a Distinguished Professor and the C. Ben Dutton Professor of Law at the IU Maurer School of Law. IU is considered a leader in information assurance. The National Security Agency has designated the university as both a National Center of Academic Excellence in Information Assurance Education and a National Center of Academic Excellence in Information Assurance Research.

Provided by Indiana University (news : web)