 

Obama watch

 

Obama’s cybersecurity order fosters intelligence sharing

SEATTLE – President Obama on Tuesday issued an executive order designed to get the federal government and private companies working more closely to protect the nation’s critical infrastructure against cyberattacks.

The widely expected directive was signed just before the president’s State of the Union address. It was prompted by Congress’ failure to pass cybersecurity laws that would compel companies to share information about cyberattacks with federal authorities.

“After the failure of comprehensive cybersecurity legislation last year, the need for immediate executive action was clearly apparent, and I applaud the President for taking on this difficult task,” says Rep. Jim Langevin, D-RI.

Obama assigned the National Institute of Standards and Technology (NIST) to lead development of a framework for voluntary information sharing aimed at stemming cyberattacks on water and power plants and other critical systems. A senior White House official, who briefed reporters prior to the president’s speech, said the order was “not a substitute” for new cybersecurity laws, which are still needed.

Jody Westby, CEO of consultancy Global Cyber Risk, says wider sharing of intelligence about what criminals and spies are doing is a good thing. But Westby worries that NIST, in particular, could develop an unwieldy framework of mandatory standards for critical infrastructure companies.

“This sort of overreaching by the president could result in numerous legal challenges over his ability to usurp the powers of the legislative branch,” Westby says.

Chris Bronk, fellow of information technology at Rice University, says voluntary standards implemented by federal agencies will only go so far. “All you’re doing is leaving it to the agencies to reallocate existing resources,” he says. “It (the order) basically just asks for a lot of planning and reporting about what to do next.”

Pravin Kothari, CEO of encryption company CipherCloud, for one, is optimistic that the president’s directive will foster collaboration and data sharing. “Bringing key industry sectors and the government to the same table will enable our … more

Obama ready to issue cybersecurity executive order

SEATTLE — Reaction to an impending cybersecurity executive order could be as polarized as the debate that hog-tied Congress from enacting new laws to assure basic Internet safety.

President Obama is expected to release a cybersecurity executive order on Wednesday, the day after his annual State of the Union address, according to a report in The Hill. The online publication cited two people familiar with the matter. White House spokesperson Caitlin Hayden refused to comment.

Asked at a press briefing Monday whether Obama will speak about cybersecurity in the State of the Union, White House spokesman Jay Carney declined to get into specifics. “You know that the President believes that cybersecurity is a very important issue,” Carney told reporters. “It represents a huge challenge for our country. He has called on Congress to take action. Unfortunately, Congress has thus far refused legislatively.”

Harriet Pearson, a privacy and information management attorney at law firm Hogan Lovells, observes that “last year there was a wide-open door for cybersecurity legislation, but Congress tried to fit a truck through.”

Pearson credits the Obama Administration for seeking “considerable input to develop the Executive Order. The deliberative process is a good sign for a complex topic like this one.”

The order is expected to establish a critical infrastructure cybersecurity council manned by the U.S. Department of Homeland Security, staffed by members of the departments of defense, justice and commerce, and national intelligence office, according to a preliminary draft leaked in September.

The council will draw up rules for federal agencies to propose new regulations, or broaden existing ones, including criteria for the sharing of data between private corporations and the federal government.

The Department of Homeland Security and the National Institute of Standards and Technology are likely to play key roles promoting collaboration between key industry sectors and the government.

“Information sharing between the government and private companies needs to increase, to improve the cybersecurity ecosystem overall,” says … more

Will Congress make Obama’s Privacy Bill of Rights law?

Getting a divided Congress to pass any hard-edged privacy legislation is the next big hurdle President Obama faces in getting his Consumer Privacy Bill of Rights made the law of the land.

“We urge the Administration to ensure that it carries out this process in a fair and transparent manner, and that consumer voices are heard and acted on,” adds Susan Grant, Director of Consumer Protection at Consumer Federation of America.

In an unusual move, the White House convened a press conference at 4:30 p.m. Eastern on Wednesday to announce the details, imposing an embargo – which all media outlets accepted without question – to midnight. Here are the seven rights:

Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.

Transparency: Consumers have a right to easily understandable information about privacy and security practices.

Respect for Context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.

Security: Consumers have a right to secure and responsible handling of personal data.

Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.

Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.

Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

Watering down

“The real question is how much influence companies like Google, Microsoft, Yahoo and Facebook will have in their inevitable attempt to water down the rules that are implemented and render them essentially meaningless,” says John Simpson, spokesman for Consumer … more

Obama calls for a Consumer Privacy Bill of Rights

By Byron Acohido, USA TODAY, 23FEB2012, P1B

The White House on Wednesday unveiled a strongly worded “Consumer Privacy Bill of Rights” as the linchpin for a drive to get Congress to pass new laws protecting consumers’ privacy as they surf the Internet.

The announcement came as Maryland Attorney General Douglas F. Gansler and attorneys general from 35 other states sent a letter to Google complaining about a new privacy policy which will give the search giant greater latitude to track people using computers and mobile devices, with no way to opt out of being tracked.

One of the seven privacy rights, unveiled at a press conference by Commerce Secretary John Bryson, guarantees consumers the “right to exercise control over what personal data organizations collect from them and how they use it.”

The Commerce Department will now commence a series of meetings inviting privacy advocates, consumer groups and key players in the tech and online advertising industries to hash out “enforceable privacy policies,” Bryson said.

In a statement, President Obama said, “American consumers can’t wait any longer for clear rules of the road that ensure their personal information is safe online. As the Internet evolves, consumer trust is essential for the continued growth of the digital economy.”

Meanwhile, the Digital Advertising Alliance, an industry trade group, announced it has begun work on a more visible and effective Do Not Track mechanism to add to a self-policing system in effect for all of the consortium’s members. The Federal Trade Commission separately has backed a call for a Do Not Track system buttressed by new federal laws.

Daniel Weitzner, the White House deputy chief technical officer, said the Obama Administration’s goal is to get Congress to draft and pass new privacy laws using the privacy bill of rights as a framework.

“We now have a much more focused blueprint,” Weitzner said. “We’ll use our bully pulpit to get legislation passed based on … more

DHS has slightly reduced role in Langevin’s cybersecurity bill

A spokesman for Rep. Jim Langevin, D-R.I., has just contacted LastWatchdog to point out that Langevin’s cybersecurity bill, which is the major comprehensive one in the House, is not exactly the same as the White House proposal.

The major difference is that Langevin’s bill calls for a National Office for Cyberspace with the Office of the President to oversee the security of agency information systems and infrastructure. While the Langevin bill entrusts the Department of Homeland Security with a significant role, this is a bit different than the White House and Senate versions, which basically center everything in DHS.

Here is a summary of Langevin’s proposed cybersecurity legislation, much of which passed the House last year and was held up because the Senate was planning to cover even more ground in its own bill, but that never got done:

Executive Cyberspace Coordination Act of 2011, sponsored by Rep. Jim Langevin, D-Rhode Island

Background

In 2011, the CSIS Commission on Cybersecurity for the 44th Presidency released their second report with recommendations to increase the Federal government’s ability to protect itself and the American public from increasing cyber threats. Similar to the first report released in 2008, the second edition continues to recommend that the White House take a leadership role and direct national strategy for cyberspace; the public sector enlist the help of the private sector in providing better quality software; and the American public be better engaged in what was previously a private discussion about the digital threats that could disrupt their everyday lives. The second report notes that after two years, the only significant progress has been the extent to which the American public is discovering the profound effects of the internet on their daily lives, and the importance of government efforts to ensure the safety of our networks.

Many in both the government and private sector are frustrated with the pace of progress in cybersecurity. Analysts and senior … more

Disclosure of IMF, Google hacks support cybersecurity legislation

By Byron Acohido, USA TODAY, 15June2011, P1B

The recent rash of disclosures about cyberspying — aimed at undermining the United States — comes as the White House is making its third attempt to push through a historic federal cybersecurity law.

The timing is no coincidence, some cybersecurity analysts say. After two previous bills went nowhere, the White House needs to garner public support for a new law that could equip America for cyberwarfare.

UPDATE: DHS has slightly reduced role in Langevin bill vs. White House and Senate versions

“The best way to do that is to get folks worried that we’re under attack from some foreign state like China or North Korea,” says Ed Adams, CEO of Security Innovation, which integrates security systems for government agencies. “Most people don’t realize how much of this is premeditated.”

Recent disclosures of cyberattacks against the International Monetary Fund, Google and several defense contractors coincided with an unprecedented pronouncement last week by CIA Director Leon Panetta, who warned a U.S. Senate panel that the U.S. needs to take “defensive measures as well as aggressive measures” to win at cyberwarfare.

The bill is gaining bipartisan support in Congress. It would establish a framework for distributing billions of dollars for new cybersecurity systems, while placing responsibility for securing cyberspace with the Department of Homeland Security.

In an op-ed piece Tuesday in The Hill, Rep. Jim Langevin, D-R.I., the bill’s chief sponsor, underscored the need to engage Americans “in a continuous dialogue about threats we face and steps taken to protect them.”

In that vein, the FBI will help investigate what’s believed to be the theft of e-mails and other documents related to the IMF’s role in stabilizing currency exchange rates and keeping global trade in balance.

“This is part of a wave of economic espionage putting additional pressure on the U.S. economy,” says Alan Paller, research director at SANS Institute, a cybersecurity think tank. … more

Coalition launches global online safety campaign: Stop. Think. Connect.

By Byron Acohido, USA TODAY, Oct. 4, 2010, page 3B

SEATTLE — Stop. Think. Connect.

That’s what a high-powered coalition of federal agencies, tech companies, retailers and non-profit groups want you to do every time you use the Internet.

Today, the group launched a milestone public awareness campaign. The goal: to engrain “stop-think-connect” as deeply into culture as the seatbelt reminder “click-it-or-ticket” and Smokey Bear’s quote, “Only you can prevent forest fires.”

“Cybersecurity is a shared responsibility for all of us,” says Joe Sullivan, Facebook’s chief security officer. “People will have a better experience on the Internet if they do some basic things.”

The campaign stems directly from President Obama’s May 2009 pronouncement that the U.S. will assume a leadership role in making the Internet safer.

Overseen by the Department of Homeland Security, the coalition includes Microsoft, Facebook, Google, Intel, AT&T, Visa, PayPal, Wal-Mart, Costco, the Department of Justice and the IRS among its 28 founding members.

For the common good

The members understand that each of their respective organizations stands to benefit from a unified effort to advance public awareness about Internet threats, says Michael Kaiser, executive director of the non-profit National Cyber Security Alliance. Each will incorporate the stop-think-connect slogan and theme into existing and new public education initiatives.

Facebook, for instance, is preparing a seven-question quiz, which it will make available sometime this month on its security issues page and home page. It will also donate 35 million ad impressions to promote the quiz, which espouses best practices for passwords and browser use.

This is all intended to slow down cybercriminals, who are having a field day. One estimate puts identity theft losses, much of it due to online scams, at $4.5 billion in the past two years, making it the fastest-growing crime in America, says Kaiser.

Online safety has yet to be elevated to a major public safety issue, akin to the way society views drunk … more