The next Osama bin Laden may not be one bearded man hiding in a walled fortress but instead a group of highly skilled, faceless men behind computers. Cyberterrorism, while still largely science fiction, lurks around the corner as growing accounts of logic bombs in U.S. networks and cases of software that can cripple power plants continue to put the U.S. government in defensive mode. While we've made progress, such as establishing new positions within government for Cybersecurity Coordinator, aka Cyber Czar, and Commander of U.S. Cyber Command, aka CYBERCOM, there still exists a great need for a framework under which to view ongoing organic global change in the Internet and resources for responding to that change. In response, the White House this past week introduced to major policy documents.
The first, a large-scale, wide-ranging and detailed Cybersecurity Legislative Proposal, encompasses the work of Hill offices from the past two years as well as work on the part of the Administration, and combines some of the most needed provisions all in one place. It tackles difficult issues like infrastructure protection, personnel expansion, law enforcement improvements, data breach reporting, intrusion prevention systems and partnerships between the U.S. government and private sector organizations.
The second major document, released Tuesday, outlines the U.S. International Strategy for Cyberspace. A major step in emphasizing the president's commitment to continuing to advance the global evolution of the Internet and online freedoms, while supporting existing national security goals. "This is truly a monumental effort," Secretary Locke emphasized at the White House announcement event. Locke joined Secretary Clinton, Secretary Napolitano, Attorney General Holder, Cyber czar Howard Schmidt and others in heralding this wide-reaching strategy.
It's no accident that Wikileaks, Stuxnet and the Arab Spring all took place within the past year. Growth of the Internet, pervasive mobile technology use around the world and the evolution of new media emphasize the massive shift of commerce and communications online. While this may have began with a small government-sponsored academic project (ARPANET) around the time of the Apollo space missions, now the net/web/Internet/cyberspace has become ubiquitous and relied upon by people and businesses worldwide. The Obama White House may not be the first to recognize the Internet's importance, but as we witnessed the Obama campaign's success online, it's quite possible this new strategy reflects upon that experience as well as the occurrences earlier this year.
Washington is now abuzz about cyberspace (likely a surprise to William Gibson, the science fiction author who coined the term 25 years ago). While most senior administration officials may still stumble slowly over terms like "Denial-of-Service Attack," they proudly tout 'cyber' as an item of importance. 'Cyber' has become not just a prefix, but a noun and an adjective in its own right. People on the Hill and in the military speak in terms of cyber as the cutting edge, the online universe, the need for security, promise of innovation. They even refer to one person involved with these policies as "chief cyber diplomat."
While that may be funny to those of us who have lived online for nearly thirty years, these policymakers are dead serious. And it's about time. While other countries released policies and drafted legislation protecting the Internet 15 years ago, the U.S. has consistently been behind on developing policies that mirror those of our allies. The piecemeal approach has led to problems, and the solutions have been the center of arguments across and within parties. Luckily, while these two big documents set a new precedent for commitment and a serious view on Information & Communications Technology (ICT) issues, these documents came from a great deal of research and experimentation with previous bills and discussions within agencies, NGOs, corporations and other stakeholders.
The next step is for the Senate to take the cybersecurity legislative proposal and develop it into something that can be officially discussed in coming months, ideally crafted into a more robust bill that can be passed there and sent to the House. As to the broader cyberspace strategy, the partner agencies will now need to adjust more of their actions and expectations accordingly, even though they have already been moving in the direction described in the strategy for a while. This is just the beginning, but it does look as if the White House means business from here on out in terms of their Internet agenda.