Below are select areas I highlighted from the 76 page Whitehouse Cyberspace Policy Review document. Throughout the document, the review shows that it is clearly in favor of a national awareness programs and special consideration for the development of information security specialists and information technology specialists. In 2007 at the Gartner Risk Conference when CISO's and CIO's were asked where they would like to spend additional funding, the primary answer was on information security education and awareness programs.
There was a mutual feeling among many specialists in the Information Security field that the suggestions on creating a cyberspace official did not quite go far enough to resolving complex problems in the public, private, and government space, there were a lot of people that had hoped this office would report directly to the President and were disappointed in the recommendations regarding this.
The Whitehouse Cyberspace Policy review documents can be found here:
White House Cyber Space Policy Review
Cyber Review Documents
The December 2008 report by the Commission on Cybersecurity for the 44th Presidency states the challenge plainly: "America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration. The Present had ordered a "clean slate" review to asses U.S. polices and structures for cybersecurity. What is cyberspace according to the Presidential Directive 23 (NSPD-54/HSPD-23) defines cyberspace as the interdependent network of information technology includes, the internet, telecommunication networks, computer systems, embedded processors and controllers in critical issues."
The report estimates that in 2008 systemic loss of U.S. Economic value due to intellectual property data theft was nearly 1 trillion dollars.
"The President should consider appointing a cybersecurity policy official.
The cybersecurity policy official should not have operational responsibility or authority, nor the authority to make policy unilaterally."
"Many advisory bodies touch on cybersecurity-related issues, including the National Security and Telecommunications Advisory Committee (NSTAC), the
National Infrastructure Advisory Council (NIAC), the Critical Infrastructure Partnership Advisory Council (CIPAC), and the Information Security and Privacy Advisory Board (ISPAB). The cybersecurity policy official should review the responsibilities of these bodies and propose changes as necessary to optimize advice and eliminate unnecessary duplication."
"The cybersecurity policy official--in consultation with NSC, OMB, NEC, and OSTP--would define the milestones and success criteria and raise the visibility of cybersecurity within all agency budgets."
"The Nation should implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy. The public and private sectors' interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend."
"The Federal government, the private sector, and other stakeholders together should define technology-neutral performance and security objectives for future infrastructure, both to meet its own requirements as a consumer as well as in its capacity as a steward of the public interest."
"The Defense Advanced Research Project Agency (DARPA) describes defense of current Internet Protocol-based networks as a losing proposition and calls for an independent examination of alternate architectures."
Reference - DARPA Assurable Global Networking
Reference - Intrinsically Assurable mobile ad-hoc network (IAMANET)
"The Federal government--in collaboration with industry and the civil liberties and privacy communities--should build a cybersecurity-based identity management vision and strategy for the Nation that considers an array of approaches, including privacy-enhancing technologies. The Federal government must interact with citizens through myriad information, services, and benefit programs and thus has an interest in the protection of the public's private information as well. Increased use of on-line transactions involving financial, health, and commerce require a basis for building trust between the parties to a transaction."
Near Term Action Plan:
1. "Appoint a cybersecurity policy official responsible for coordinating the Nation's cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy."
2. "Prepare for the President's approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes."
3. "Designate cybersecurity as one of the President's key management priorities and establish performance metrics."
4. "Designate a privacy and civil liberties official to the NSC cybersecurity directorate."
5. "Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government."
6. "Initiate a national public awareness and education campaign to promote cybersecurity."
7. "Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity."
8. "Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement."
9. "In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions."
10. "Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation."
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=9d33d275-2e19-4064-bda4-0ebe34d87e71)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=f2179a52-acbb-40c8-ae84-f7648a59b885)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=748a0e9e-5394-4503-9062-a44fa2f55524)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=ae1f7b7a-efa1-4e3d-9c77-7956e05bd963)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=4011c3f1-5552-4ee7-9262-2c11a7a6670f)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=7a9ab52b-d029-4154-b532-09175d3a9af8)
