
Obama Administration Outlines Cyber Security Strategy

President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security.


The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks.

The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals:

* Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.

* Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.

* Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.

* Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.

* Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.

* Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.

While it remains to be seen what resources the Obama administration may devote to these goals, it is an encouraging sign to see the new White House give the vital challenges of cyber security such prominence so soon.

By Brian Krebs  |  January 22, 2009; 9:40 AM ET
Categories:  Fraud , U.S. Government  

Comments

"shutting down untraceable Internet payment schemes."

Slashbots are gonna go berk when they see that one. "OMG they're taking away our precious bodily fluids freedoms!"

Posted by: wiredog | January 22, 2009 9:54 AM

Damn. Forgot the software here doesn't allow html markup in comments, so the "strike" tags around "bodily fluids" didn't work...

Posted by: wiredog | January 22, 2009 9:55 AM

The fundamental flaw in the existing IT infrastructure is that it is based on technological solutions that are so complex that any meaningful risk assessment is impossible. In addition, an attack by a fundamentally new computer virus or a new cyber crime scheme, devised by a trusted employee, comes as a complete surprise and has no known history. The possible impact and associated risks of such events are, therefore, unknown and cannot be managed. To keep stored information safe, all sources of all unpredictable risk factors must be eliminated completely. For more information on a solution that can actually guarantee data security and safety please go to www.dataGRIT.com

Posted by: spandas | January 22, 2009 12:55 PM


I guess that sometimes an apparent delay actually puts you out in the market at just the right time.

I just got a patent for a system for rapidly generating and deploying operating systems that run from read-only media such as CD-ROM or DVD-ROM.

No, I didn't get the patent on 'Live CD', I just got the patent on the ability to press out a stack of them all pre-equipped with "unique network identity", pre-configured IP addresses (IPv4 or IPv6), IPSEC internet security protocol (including VLAN tunnel/transport), and kerberos authentication/authorization ("Active Directory" in the MS world).

Let's see: Read-Only operating system can't get worms or viruses. Mass pre-configuration means that you could take a pallet full of laptops fresh out of the manufacturer's cartons, throw a CD/DVD into each one, boot them all, and "voila" you have an up-and-running Secure Mobile Office Network with multiple layers of authentication, authorization, and encryption. No hard drives required, but one might be good so you can have virtual-memory ("swap space").

With IPSEC and Network-Address Translation (NAT) the system should work with most internet service providers, in the so-called "Road Warrior" mode. However, the main application will be Secure Infrastructure Monitoring and Control computing, so probably the NAT traversal won't be required.

Imagine, if you're the guy in charge of monitoring dams or power stations, no more paying for bug-riddled or insecure Windows(tm), and then paying more and more and more for just a little bit of pretend-security. Now you'll be able to get the real deal, with little or no configuration or installation or maintenance on your part! Just drop in the CD/DVD and plug and play.

Little ol' me, doing my part for Homeland Security.

Posted by: thardman | January 22, 2009 2:31 PM

>>Read-Only operating system can't get worms or viruses.

Sure they can. They just can't get persistent ones.

Posted by: lseltzer | January 24, 2009 9:52 AM

Actually, even on a read-only OS an attack can be persistent if it uses a vulnerability to store the attack in a data file. I assume read only operating systems have access to read-write data storage?

Posted by: lseltzer | January 24, 2009 9:54 AM

I hope they're serious. We've seen distributed denial of service attacks used to disable the governments of Estonia and Georgia, the latter just before a military invasion. Many of us were warning of the potential use of DDoS attacks as a national security threat even earlier, when a massive DDoS on Blue Security by pissed-off spammers caused havoc for upstream providers in 2006.

There are lots of volunteers and private security firms tracking various botnets. The FBI announced "Operation Bot Roast" with the intention of disinfecting one million computers some time ago now. But still, where is the action? Who do you know whose computer was identified by law enforcement for disinfection?

Almost every spam in your inbox came from a hijacked computer, most of the spamvertised websites are hosted on hijacked computers, and a high percentage of those bots are on US networks. Why are spammers able to operate so openly without any serious attempt to disable their botnets? Those botnets aren't dedicated to penile enlargement spam; they're for rent to any criminal or terrorist with the cash to pay the hourly rate.

While it's great this blog put the heat on Atrivo and McColo and got them disconnected, where was law enforcement when "everyone" knew they were trouble? Instead of waiting for a predictable attack, then dealing with Y2K-like hysteria that will result, there needs to be a coordinated program for identifying infected computers and the botnet control mechanisms on an ongoing basis, and sequestering them from other internet users until they can be disinfected.

Posted by: AlphaCentauri | January 25, 2009 9:07 PM

Brian, the new administration's strategy statement is great news. I'd like to differ from your point that it closely mirrors the 2008 bipartisan recommendations. At the highest level, yes, they are about the same goals, but the Obama strategy uses civilian language whereas the bipartisan recommendations use strongly military/intelligence language, to the point where they seem embedded in a "cyberwarfare" worldview. It would be characteristic of the Obama administration to express a broader worldview.

Posted by: alicezzon | January 26, 2009 12:35 PM

The comments to this entry are closed.


© 2010 The Washington Post Company