Group items matching

in title, tags, annotations or url

In a move that could reshape the federal government's cybersecurity efforts, President Obama on Monday said a former Booz Allen consultant would conduct an immediate two-month review of all related agency activities. The announcement indicates that the White House's National Security Council may wrest significant authority away from the U.S. Department of Homeland Security, which weathered withering criticism last fall for its lackluster efforts. Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an multi-agency "Cyber Task Force," to conduct the review with an eye to ensuring that cybersecurity efforts are well-integrated and competently managed. "The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," said John Brennan, the president's homeland security adviser. Hathaway's appointment comes as Obama plans to overhaul the National Security Council, expanding its membership and effectively centralizing more decision-making in the White House staff. That would vest more authority in a staff run by James L. Jones, a former Marine Corps commandant who warned at a speech in Munich over the weekend that terrorists could use "cyber-technologies" to cause catastrophic damage. During a panel discussion that CNET News wrote about last fall, Hathaway defended Homeland Security's efforts to develop what it called a National Cyber Security Initiative, saying there was "unprecedented bipartisan support" for it. "Over the past year cyber exploitation has grown more sophisticated, more targeted, and we expect these trends to continue," she added. "Our cybersecurity approach to date has not kept up with the threats we've seen."

Here are five interesting factoids regarding information security culled from documents and statements accompanying President Obama's fiscal year 2010 budget: The current number of positions filled in the federal IT workforce totals 17,785, with 8,407 of them - or 47 percent - deemed IT security. The Department of Homeland Security seeks $75.1 million more in the coming year to develop and deploy cybersecurity technologies for the entire government to counter continuing, real-world national cyber threats and apply effective analysis and risk mitigation strategies to detect and deter threats. Homeland Security also seeks $37.2 million, a $6.6 million increase, to address critical capability gaps identified in the government's Comprehensive National Cybersecurity Initiative. Specifically, says DHS Secretary Janet Napolitano, this effort would seek and/or develop technologies to secure the nation's critical information infrastructure and networks. Nearly half of the federal workforce - 2.7 million individuals - have been issued credentials that provide for digital signature, encryption, archiving of documents, multi-factor authentication and reduced sign-on to improve security and facilitate information sharing. The total federal IT budget for 2010, including funds earmarked to secure data and systems, tops $75.8 billion, up $5.1 billion or 7.2 percent from the current fiscal year.

Opinion: Privacy columnist Jay Cline says the time is ripe for a global privacy standard to replace the hodgepodge of privacy principles that multinational businesses must cope with. The first step is to agree on what privacy really means. Whenever I've mentioned to chief privacy officers the idea of having a single set of privacy rules for their companies to abide by worldwide, their response has been unanimous: Bring it on. Why? The legal and technical costs of complying with an expanding patchwork of state, federal and foreign privacy laws are mounting for multinationals. Having one set of rules would improve the bottom line. Data-protection commissioners from many world governments are singing the same tune. At a November conference in London, they issued a communique urging the United Nations to launch an international privacy convention toward this end. > You and I as customers and employees would also benefit from one set of rules that we could come to know and understand - instead of the vast array of obtusely worded privacy notices that we see on Web sites and find in our mailboxes. It's hard to imagine a major constituency, outside of the Idaho and Michigan militias, that would be against the concept of a global privacy agreement, if it was properly worded. So, what's the holdup?