Obama's strategy for countering cyber attacks
He will appoint a 'cyber czar' and bring government and industry together to work on the problem. But is cooperation possible?
(Page 2 of 2)
Obama said he will develop a strategy without pushing onerous regulations on an industry wary of such intervention. He also sought to assure Americans that he does not support violating their own privacy to achieve his ends.Skip to next paragraph
Subscribe Today to the Monitor
"Our pursuit of cyber security will not, I repeat, will not include monitoring private-sector networks or Internet traffic," he said. "We will preserve and protect the personal privacy and civil liberties that we cherish as Americans."
The administration will walk a fine line, says Mark Gerencser, senior vice president with Booz Allen Hamilton, a consulting firm in Washington, who participated in a cyber-attack "war game" in December with top Pentagon and Homeland Security officials.
"One of our clear findings was balancing privacy and security, and that has to be kept in mind," he says. "Given our freedoms and liberties that we value so dearly, some security measures just won't work."
The answer to cyber-security problems also lies in creating a policy in which offensive and defensive operations work together, experts say.
The US, Mr. Gerencser says, should be playing soccer – one set of players for both offense and defense. But instead, it's playing football, using different players for different operations.
"The real problem is that cyber is one of those issues that affect private and public sectors," he says. "The government can't do it by itself."
Yet the government has problems sharing information, raising questions about just who's in charge, Ms. Sciarrone says. For example, the Pentagon protects all "dotmil" websites and e-mail networks, and the Department of Homeland Security is charged with protecting all "dotgov" entities. But for the most part, the two agencies aren't well integrated to confront the problem.
Sciarrone is studying the issue for the Project on National Security Reform, which aims to restructure the antiquated national-security infrastructure to make it effective against the kinds of enemies the US now faces.
"We need to understand our adversaries," she says.
Part of the administration's strategy will be to create a new "cyber command" within the Defense Department. Details on that will emerge in coming weeks, defense officials say. "Cyber Com" will probably be what's known as a sub-unified command, falling under US Strategic Command. Cyber Com is likely to be located at an Army base at Fort Meade, Md., outside Washington. It will be focused as much on defensive operations as on offensive ones.
"It's gotta be both," says one military official, who asked not to be named due to the sensitivity of the issue. "It's a war-fighting realm, so it's gotta be both."