President Obama presented the Cyberspace Policy Review today. The document reports on a changing direction of US cyber security policy under the new Administration. It is less about governance and more about "getting stuff done". The new policy has the potential to bring upon security practitioners interesting times of attention for our trade, acknowledgment of the necessity of our skills and maybe even the odd job opportunity here and there.
Much will depend on the person who will be chosen to fulfill the role of national cybersecurity coordinator and his ability to obtain true buy-in and commitment of the different government organizations.
Quotes like the following are encouraging to read:
"The architecture of the Nation's digital infrastructure, based largely upon the Internet, is not secure or resilient.
Research on new approaches to achieving security and resiliency in information and communication infrastructure is insufficient. The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements.
International norms are critical to establishing a secure and thriving digital infrastructure.
Only by working with international partners can the United States best address these challenges, enhance cybersecurity, and reap the full benefits of the digital age"
The plan acknowledges that our networks are not secure, and that this inherent level of insecurity must be addressed by increasing efforts (read: spending) to conduct true fundamental research that is not limited to national boundaries. This is a vision that I can support and which makes me look to the future with a sense of anticipation.
Other writeups worth reading:
- Andrew Jacquith's view over at The Forrester Blog for Security & Risk Professionals
- Amrit William's view over at his blog.