Cyberspace could well become the biggest battleground of the 21st Century. It's not surprising then that the first "Internet President" has chosen to expend a good bit of intellectual capital and personal political currency to make securing the critical infrastructure that depend on the Internet and other digital networks a priority of his Administration.
Cybersecurity is rarely front and center on the minds of Internet users. The threat of a computer "worm" like Conficker or report of a brazen data theft from a state health database captures our attention, but for most of us, everything we know about cybersecurity we learned from the movies. But even as Matthew Broderick's "War Games" fades into the annals of cult-movie history, a darker, meaner, deadly serious threat waits in the tall grass at the edge of the Network.
The fact is U.S. private and public computer networks are under electronic siege every single day from spyware, malware, botnets, hackers and cyber-thieves. Both the Clinton and Bush Administrations recognized the importance of cybersecurity policy and each implemented their own particular plan. Still, U.S. cybersecurity efforts remain a patchwork of uncoordinated and conflicting policies, procedures and processes.
Getting cybersecurity right is no easy matter. It is easy to respond to the threats with a heavy hand, imposing new regulations on the Internet and undermining Internet freedom, innovation and privacy in the process. But getting it right demands leadership from the top and a more nuanced balanced approach.
Last week, the Obama Administration released a blueprint for moving forward on cybersecurity that seemed to hit all the right notes. The President, in a speech outlining his new cybersecurity policy, said we stand at "a moment in history when our interconnected world presents us, at once, with great promise but also great peril." To secure the promise of our interconnected world, Obama acknowledged the vast potential and importance of the Internet along with a strong commitment to protect it and do it all without sacrificing privacy, civil liberties or compromising security. Importantly, he promised to name a new "cyber czar" within the Executive Office to ensure focus, leadership and coordination from the top and he vowed to personally stay engaged in the issue.
Phil Bond, who served as under secretary for technology at the Commerce Department in the last Administration, told CongressDaily that Obama's personal commitment to cybersecurity set this plan apart from that of his predecessors in a "fundamentally different" way because he is "committed to being involved."
The report provides no "Easy Button" allowing the President to shut-off the Internet in a crisis and there is enough flexibility built into the new policy allowing government to carry out its recommendations without having to resort to heavy-handed regulations. Even more encouraging, the President stated emphatically: "Our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans." And that commitment is backed up with a new privacy official to round out the cybersecurity leadership team and a commitment to involve civil liberties and privacy advocates in the decision-making process going forward.
To be sure, we have been offered these assurances before and been disappointed. But this is a President who understands the power of the Internet and its importance to our democracy. This is a President who is seeking to use new technology to increase transparency of government and civic engagement. And thus this is a President who understands what is at stake in getting cybersecurity policy right. The report is fairly high level and there is hard work ahead to turn vision into policy and practice. But on this particularly difficult issue, there is, dare I say it... hope.