As Bruce Springsteen once sang, “you can’t start a fire without a spark.” With this in mind, President Obama issued an executive order on cybersecurity this week. Will this truly be a spark? To answer that question, it is worthwhile to start by describing what the executive order does. There are really three main points to the order:

1. Directs the Federal government (primarily DHS) to create a program for sharing non-classified cybersecurity intelligence with the private sector.
2. Asks NIST to create a set of standards and best practices for cybersecurity.
3. Suggests that the Feds create incentives to encourage private organizations to invest in cybersecurity.

So will this executive order actually do anything, or is it a day late and a dollar short? Well, in a recent research survey, ESG asked 244 security professionals working at enterprise organizations (i.e., over 1,000 employees) what actions the Federal government should take in response to the wave of cyber attacks and Advanced Persistent Threats (APTs). Here is a comparison between the ESG research data and the executive order:

• 45% of enterprise security professionals said that the Federal government should “create better ways to share Federal and law enforcement security information with the private sector.” While there is still some work to do on the framework and process, the executive order nailed this one.
• 41% of enterprise security professionals said that the Federal government should “coordinate an APT task force composed of government cyber security experts, security researchers, and security technology vendors.” Hmm, good idea, and this is certainly happening on an informal basis, but there is no task force associated with the executive order.
• 40% of enterprise security professionals said that the Federal government should “enact more stringent cybersecurity legislation along the lines of PCI DSS.” The President suggested this as a next step – are you listening on Capitol Hill?
• 35% of enterprise security professionals said that the Federal government should “use diplomatic means to address APTs in the international community.” An important step, but not part of the executive order.
• 35% of enterprise security professionals said that the Federal government should “provide funding for advanced research and development around cybersecurity.” While the President talked about investing in education, he did not make a specific recommendation as it relates to cybersecurity. Perhaps this shouldn't be part of an executive order, but it is still a missed opportunity.
• 34% of enterprise security professionals said that the Federal government should “provide incentives to organizations that invest in cybersecurity.” He shoots, he scores – although this was a suggestion rather than a mandate.
• 27% of enterprise security professionals said that the Federal government should “provide funding for cybersecurity professional training and education.” Again, this fits with the general themes of the President’s position, but the executive order does not do anything here.

I believe it was Hunter S. Thompson who said, “Half of life is just showing up.” With his executive order this week, President Obama finally showed up and drew a line in the cybersecurity sand. So what’s next? Over the next few months we'll see if the President and Congress build upon this action or whether they continue dancing in the dark.
What happens next? When? Will we see further action, or inaction, and by whom?