As I reach the end of my first two months as Cybersecurity Coordinator, I wanted to highlight a few of the Administration’s recent accomplishments working in partnership with the private sector, and also preview some of our future activities. Some of the Government’s cybersecurity activities are already high-profile, like the recent National Level Exercise or our push for comprehensive cybersecurity legislation, but there is also substantial activity occurring outside of the spotlight. Both are needed if we are going to address the serious threats we face in cyberspace and capitalize on the exceptional opportunities cyberspace presents for governments, individuals, and U.S. businesses.
Like many tough issues, cybersecurity is a cross-cutting problem, affecting not only all Federal agencies, but also state and local governments, the private sector, non-governmental organizations, academia, and other countries. It is a national security, homeland security, economic security, network defense, and law enforcement issue all rolled into one. As a result, it takes a truly cross-cutting response to address the problem, with the public and private sector working collaboratively. Within the government and the private sector, many organizations will need to work together in new and sometimes initially uncomfortable ways. We will also need a combination of technical, policy, and legislative tools to respond.
Let me highlight a few recent initiatives where voluntary, cooperative actions are helping to improve the nation’s overall cybersecurity:
You likely already know that we are also working with Congress to update cybersecurity legislative authorities. There are many things that the Executive Branch can do with existing authorities, including some of the programs I just discussed. But, there are some things that require Congressional action. In particular, we urgently need legislation that enables both enhanced information sharing and the collaborative development of cybersecurity standards for the nation’s core critical infrastructure. The information sharing component is critical – government and the private sector both need access to more information than they currently have, under a framework with robust privacy protections. But information sharing alone is not enough. Our critical infrastructure is fundamental to our economy and our national security. This infrastructure needs hardened and resilient networks to cope with the threats emanating from cyberspace; one necessary component of this hardening is the adoption of minimum security standards. These standards must be developed in concert with industry and not be overly burdensome, but it will take incentives only available through legislation to make such a process viable.
This ongoing work lays an excellent foundation, but there’s more to be done. We will need to continue our efforts to make federal networks more secure and improve our ability to assist the private sector in protecting critical infrastructure. We must upgrade our ability to identify, categorize, and respond to threats in a timely and effective manner. We have to engage internationally with our partners, ensuring that the Internet retains its multi-stakeholder, open nature and remains an engine for economic growth. And we need to help shape the future of cyberspace, working towards a time when our computers and networks are secure right out of the box.
I look forward to this challenging work and the ongoing conversations needed to achieve our goals.
Michael Daniel is the White House Cybersecurity Coordinator.