Ed. Note: The following article was written by Occam's regulatory counsel Wilkinson Barker Knauer, LLP, one of the nation's leading communications law firms. They are advising service providers to carefully consider cybersecurity when planning for their broadband stimulus applications.

Considering Cybersecurity

In our ever-more-networked society, we've long known that security vulnerabilities exist in our digital infrastructure, and the Obama Administration recently has taken steps to tackle the problem head-on. On May 29, 2009, President Obama announced the release of a White House report on cybersecurity issues. Titled Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure ("Report"), the Report includes recommendations for improving the security of the nation's communications networks and related critical infrastructures.

In his remarks, President Obama committed to taking the Cybersecurity Report seriously and announced the creation of the new position of "Cybersecurity Coordinator" in the White House. (He did not announce who would fill this position.) The President emphasized the link between cybersecurity and American competitiveness, prosperity and national security interests, calling the cyber threat "one of the most serious economic and national security challenges we face as a nation" and saying that "we're not as prepared as we should be." Vowing to do better, the President said that "[f]rom now on, our digital infrastructure – the networks and computers we depend on every day – will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."

The Report issues a clear warning about the dangers posed by cyber threats to critical infrastructures, the financial system, and intellectual property rights. It makes the case for the development of "a more reliable, resilient, and trustworthy digital infrastructure for the future" and calls for greater coordination between agencies responsible for communications policy-making and those responsible for cybersecurity policy.

Our key takeways from the Report are as follows:

• The Report stresses the need for stronger central coordination in cybersecurity policy, recommending that the new cybersecurity policy official at the White House prepare an updated national strategy and that state, local and tribal governments consider appointing their own Cybersecurity Coordinators to interface with the federal Coordinator.
• The Report laments the downward trend in the number of advanced degrees in computer science and engineering and say that this trend must be reversed and that new strategies should be developed to better attract cybersecurity expertise to, and increase retention within, the federal workforce.
• The Report urges close coordination between the Federal government, foreign governments and the private sector to ensure cybersecurity. These efforts should respect federal antitrust requirements and should be tailored to protect private-sector interests in proprietary information.
• The Report recommends development of "a comprehensive framework to facilitate coordinated responses by government, the private sector, and allies to a significant cyber incident." The Federal government, in concert with states, localities and tribes, should develop metrics for use in detecting and responding to events, and should review policies that might inhibit the sharing of critical information among disparate federal actors, develop standards for incident reporting, define processes for sharing information with the private sector, and explore means of sharing such information with foreign allies.
• Noting the innovation benefits that come from the inherently decentralized nature of the Internet, the Report challenges innovators to "harness the full benefits of innovation to address cybersecurity concerns." Pointing to the cybersecurity threat posed by the rise of distributed cloud computing, the Report calls for the development of "game-changing technologies that will help meet infrastructure objectives." Cybersecurity efforts should also aim for improved "identity management" tools to ensure the authenticity of persons and data online.
• Warning that the globalization of the IT supply chain "raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulation," the Report calls for a "broad, holistic approach to risk management," including (among other things) revised procurement strategies and expanded partnerships with state, local, and tribal governments as well as international partners.

The initiatives called for in the Report may present interesting opportunities for private sector innovators, as the Federal government appears more focused than ever on addressing cybersecurity issues.