The White House today released the report from the 60-day cybersecurity review the President ordered in February. Speaking to a packed audience in the East Room, President Obama outlined the broad range of threats facing the digital infrastructure, focusing not only on national security and organized crime attacks, but also on identity theft and incursions into individual privacy.
He promised a “new comprehensive approach to securing our nation’s infrastructure,” including appointment of a White House cybersecurity coordinator reporting to both the National Security Council and the National Economic Council. The coordinator would have broad responsibilities, but little direct authority, although the President did promise that the coordinator would have access to him.
The President also indicated that he would be appointing a privacy and civil liberties official reporting to the new cybersecurity coordinator.
The President cautioned, however, that dealing with cybersecurity issues would take time. “Protecting our prosperity and security in this globalized world is going to be a long, difficult struggle demanding patience and persistence over many years. But we need to remember: We’re only at the beginning. The epochs of history are long—the Agricultural Revolution; the Industrial Revolution. By comparison, our Information Age is still in its infancy.”
The President did not say who would be the new coordinator, nor did he provide a timeline for naming the new officials.
Today’s announcement is obviously a significant step towards a broader, higher priority approach from the federal government towards the growing problem of securing information and the systems that process it. While the President stressed that the new approach would include the private sector, he said that the government would not be telling the private industry how to go about securing their infrastructure, nor would the government engage in information monitoring.
According to published press reports, release of the cybersecurity report was delayed six weeks over disagreements within the administration over how the new cybersecurity position would be managed. That delay, the decision not to name the new coordinator, the tone of the President’s announcement, and the tools for fighting cyberattacks that he appeared to rule out suggest that while the administration’s response is serious, it is not necessarily as urgent as some experts have sought.