Cybersecurity hits the limelight—why DC is scared

By Kevin Welch

White House Cybersecurity Coordinator Michael Daniel is the expert on this issue within the Administration. He argues that the issue has reached the senior-most level of government debate, with recent hacks of the New York Times and Twitter, among others, causing an uproar in Washington for action.

Since there is a such urgency, entrepreneurs should assume something like CISPA will pass, barring extraordinary circumstances, and take action to make sure whatever bill passes actually addresses the problem and does so in such a way to protect user privacy.

The White House prioritizes five key areas to take action on:

  1. Protect critical infrastructure.
  2. Respond to cyber incidents in a timely manner.
  3. Establish international cyberspace norms.
  4. Improve federal network security.
  5. Looking to the future, moving beyond just usernames and passwords and having security built in by default.

When it comes to cybersecurity legislation that failed last year, Daniel’s stance is that the cyberattacks and the mainstream news reports on them will change the political dynamics this go-around.

This entry was posted in PolitiHacks analysis and tagged , , , , . Bookmark the permalink.

4 Responses to Cybersecurity hits the limelight—why DC is scared

  1. 5th says:

    But is cybersecurity really an issue that DC needs to get directly involved in? Improving federal network security is clearly something they can do, but in what way could responding to incidents relating to private companies’ network/data security help? Shouldn’t it be up to any given company to secure their own networks and data?

    • PolitiHacks says:

      Yep, that was one of the primary arguments against the bill last year. This year, the President wrote an executive order mandating federal agencies to reach a certain minimum baseline of network hardening. Private companies are excluded.

      CISPA itself is only intended to promote information sharing, rather than improving network security. So the consensus is that you’re right, that DC doesn’t (and therefor shouldn’t) need to be directly involved. The proposals are for DC to serve as a common point of pooling of threat vectors and the like so that private companies can adapt to changing threats based on the experiences of all rather than their own limited experiences. The counter-argument is that McAfee, Symantec, and the like do this for viruses already, so there’s a proven model for private information pooling on network intrusions as well, spreading patches against zero-day exploits and the like.

      • 5th says:

        Oh, well that sounds reasonably fair. CISPA and similar bills are bad enough though, perhaps somewhat naïvely I categorically oppose anything of the kind. Unfortunately, I don’t have much of a say, not being a US citizen 🙂

        In an ideal world, I guess it would be a good idea to have the government act as a central hub for gathering and spreading information about threats, but as it stands the government may well (and already does) use their power to collect all sorts of information for purposes that don’t have to do with threats as average person would see it.

      • PolitiHacks says:

        Yep, you’ve summarized the good and the bad with CISPA in a nutshell. Real problem, reasonable response, but no trust that individuals within the government won’t use the fuzzy authorizations for evil.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s