In February 2009, President Obama directed a 60-day review of the plans, programs and activities underway throughout the government that address communications and information infrastructure (i.e., cyberspace). The purpose was to develop a strategic framework to ensure that initiatives in this area are integrated, resourced and coordinated appropriately, both within the Executive Branch and with Congress and the private sector.

Taking a step backwards and acknowledging the inter-connectiveness of just-about-everything was an important step on the road to formulating some policies. What those policies are will be important for the whole world, not just the US. The fact is that your ability to buy a new book online from Amazon with one click also makes it easy for people to clean out your bank account or foreign aggressors to bring down your local power plant.

The review (read the whole thing here) makes 10 short-term action items:

1. Appoint a cybersecurity policy official (aka Cyber Czar) responsible for coordinating the Nation’s cybersecurity policies and activities, working within the NSC and NEC to coordinate interagency development of cybersecurity-related strategy and policy.
2. Prepare an updated national strategy to secure the information and communications infrastructure.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
6. Initiate a national public awareness and education campaign to promote cybersecurity.
7. Develop U.S. Government positions for an international cybersecurity policy framework.
8. Prepare a cybersecurity incident response plan.
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Phew!

Scamdex is all for making the Internet safer and is prepared to give up a little of the immense freedom we currently hold dear but if this just becomes a handover of ‘control’ to Government-backed special interests then it will be a cynical and sad exercise. A light touch is what is needed, not a hammer!

Melissa Hathaway, Cybersecurity Chief at the National Security Council, had something to add on her blog

… cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security.

Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law. The 60-day cyberspace policy review summarizes our conclusions and outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future. There are opportunities for everyone—individuals, academia, industry, and governments—to contribute toward this vision. During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations. As you will see in our review there is a lot of work for us to do together and an ambitious action plan to accomplish our goals. It must begin with a national dialogue on cybersecurity and we should start with our family, friends, and colleagues.

We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced. … Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.