Here are some of the main points of the document:
- Establish a person in the White House who’s responsibility it is to report to the president on matters of cyber security (cyber czar position)
- Review the laws and policies that are currently in place and issue more by tying the position into congress.
- Increase public awareness about the risks of the Internet
- Increase public education about how to be secure when conducting Internet activities.
- Expand federal IT workforce (A.K.A. The government needs to pay more)
- Executives need to be more aware of cybersecurity.
- Government and Private Sector need to work together.
- Laws regarding “collusion” need to be relaxed so that companies can work together more. (Scary Thought)
- Work with International Governments to form jurisdiction lines.
- Build a framework for incident response.
- Enhance information sharing across government bodies for better incident response handling.
- Improve Cybersecurity across all infrastructures
The policy review should upset anyone in security field. It points things out the obvious. I expect much more from our National Security Council. Metaphorically, this paper is like taking your car to a mechanic and asking for a full diagnostic for the health of your vehicle. After 2 weeks, you come back and the mechanic gives you a piece of paper with the phrase, “Your Car is Black.”
This review is a complete miss from a security standpoint. Hopefully, it will bring awareness to multiple parties on what needs to get done, but it doesn’t help to fix anything.
Government was designed to move slow. The founders of this country did not want the government to make any hasty decisions, hence bureaucratic red-tape. The Internet on the other hand is designed to move very fast. As soon as something becomes popular on the Internet, the next thing is being developed.
It is hard to comprehend a government body that would be able to keep pace with the Internet. In fact, as soon as the policy review was completed, the Internet has already changed.