1. The White House's cyber security strategy, unveiled today, is the first step in a years-long process to figure out how to contain the major, mind-bending series of problems associated with Internet security. One of the reasons for the vagueness is that the Obama administration isn't quite ready to settle the turf wars that are already being fought. Scott Charbo, a former top government IT security official who works for Accenture, says that a comprehensive approach "will require wholesale change [of] management efforts across the entire federal government at virtually every level of the various agencies and departments to be effective." A side note: as of today, the White House owns this problem.
2. The National Security Agency will play a significant role in domestic cyber security policy, which will probably necessitate a change in their charter and debated, controversial Congressional legislation. (The director of the National Security Agency, Lt. Gen. Keith Alexander is absent from today's roll-out; he will become the head of the Pentagon's new cyber command when it is unveiled later this summer.) The roll-out today does not provide guidance about the NSA's role. We don't know how much the Department of Homeland Security will do. (Obama promised that the government won't monitor corporate or individual e-mail traffic.)
3. The federal government will talk about defensive capabilities, but hundreds of millions of dollars and thousands of people will be thinking about how to use cyberspace against U.S. enemies, be they terrorist networks or countries. The government will create -- and probably already has created -- a dedicated, offensive cyberwar activity within the intelligence community. The morality of offense in cyber space is open to debate; it's not clear whether the Obama administration will sanction that debate publicly.
4. There is, and will be, a fundamental tension between the transparency of protocols needed to secure the homeland cyber space (individuals, corporations, local governments) and the intelligence community / military fetish for discipline, compartmented security, need-to-know rationales, etc.
5. Contractors will take a lead role in designing and implementing this strategy; oversight of the billions of dollars has to be considered a priority.
6. Already, stakeholders worry that the White House is starting off with a mistake by not giving the cyber security czar a better title, a bigger office and more direct authority. (Obama promised that his cyber security director "would have regular access to" him. (Reportedly, several potential czar candidates have taken themselves out of consideration because they worry they'll be hamstrung.) What stakeholders like? The White House acknowledges the economic dimension of the problem.
We want to hear what you think about this article. Submit a letter to the editor or write to email@example.com.