Obama’s cyber security plan lacks muscle: Experts

President Barack Obama’s directive last night requiring federal agencies and critical infrastructure owners to collaborate in reducing cyber risks is a good start but has some weak spots, according to security experts.

Obama’s cyber security order was announced Tuesday night during his State of the Nation address. The order requires federal government agencies to share cyber threat and vulnerability information with each other and with private companies. It calls for the creation of two national critical infrastructure centres to be operated by the Department of Homeland Security to focus on physical infrastructure and on cyber infrastructure security.

The centres will be responsible for collecting, analyzing and disseminating threat information. The DHS centres will recommend prevention and mitigation measures for critical infrastructure prior to and during a cyberattack as well as assist in incident response and restoration efforts.

Some contents of Obama’s executive order are similar to those of a 2012 Cyber Security Act backed by the White House but still stuck in the Senate over objections from Republican lawmakers who see it as giving too much enforcement power to the DHS.

“We know how hackers steal people’s identities and infiltrate private emails,” Obama said in his speech. “Now our enemies are also seeking the ability to attack our power grid, our air traffic control system. We cannot look back years from now and ask why we did nothing to face real threats to our security and our economy.”

The effectiveness of the DHS centre will depend on the quality of threat information the government can share with private companies, said Lawrence Pingree, analyst for Gartner, in an interview with Computerworld.com.

The final version of the order was weaker than the draft version, according to Alan Paller, research director for the SANS Institute. He said draft versions of the order required businesses to develop voluntary practices for cyber security and assigned regulatory agencies to enforce them. The final version, Paller said, did not contain this provision.

The Financial Services Roundtable, which represents 100 of the largest financial companies in the U.S., also said the order needs legislation, and that bipartisan Congressional action is needed “to affect additional fundamental improvement.”

In Canada, the Auditor General’s report last year said the country’s cyber security is falling behind the times.

“We noted that the 2010 Cyber Security Strategy does not yet have an action plan to guide its implementation,” the report said. “The lack of plan makes it difficult to determine whether progress is on schedule and whether its objectives have been met.”

The Harper government said it will spend $155 million to boost federal online protection.

The money, to be spent over the next five years, will reinforce federal IT infrastructure and improve detection of cyber threats, according to Vic Toews, Public Safety minister.