Backtrack; What did the Cybersecurity Report of 2009 Do?

In light of 2015’s constant plague of cyber crime, it’s no surprise that the government has seen fit to examine the issue repeatedly. However, it’s easy to get lost in all the protocol and revision that has occurred in the last few years as technology and tech savviness changes. Here’s an overview of the incredibly influential cybersecurity report that was released in 2009 as a way of briefing and advising Obama:

<> on February 22, 2010 in Washington, DC.

<> on February 22, 2010 in Washington, DC.

The Cybersecurity Report of 2009 was published by the White House and conduced by cybersecurity chief Melissa Hathaway in an attempt to provide wide-ranging guidelines advising President Barack Obama on how the government can secure cyberspace. The 76-page report discusses communicate networks for emergency response teams, the role the government should play in the protection of critical infrastructure networks, privacy, and civil liberties. It was released in the conjunction with the announcement that Obama would be creating a new cybersecurity office and leader as well as a privacy and civil liberties official to oversee the government’s cybersecurity plans.

The report outlined guidelines for the cybersecurity czar’s position (it would be a White House action officer for cyber incident response and should establish a point-of-contact for cybersecurity-related issues with all departments and agencies should they become necessary). IT also said that the cybersecurity czar should not have operational responsibility nor have the authority to make policy unilaterally but should play some sort of role in all appropriate economic, counterterrorism and science and technology policy discussions to provide an informed cybersecurity perspective to any policymaker who needs it. Finally, the czar would be responsible for developing legislative agendas for Congress that would support the government’s cybersecurity and technology plans.

050203-D-2987S-133 Vice Chairman of the Joint Chiefs of Staff Gen. Peter Pace, U.S. Marine Corps, responds to a reporter's question during a Pentagon press briefing on Feb. 3, 2005.  DoD photo by Helene C. Stikkel.  (Released)

The outlined cybersecurity strategy involved preparing a cybersecurity incident response plan in coordination with private tech industries, create and information and threat-sharing plan with private industries that protect trade secrets, determine the appropriate role for the government in the defense of critical infrastructure while safeguarding privacy and civil liberties, working with like-minded nations to address questions about territorial control of virtual space and the use of force when it comes to responding to cybercrime, data protection, etc., working with state and local partners to institute purchasing strategies that will force vendors to make more secure products and services for the public (an ironically ignored aspect of the report given the consistently reported conflict between Apple and the government regarding encryption and whether the government can force Apple to make its products have a “backdoor” for government surveillance), encouraging state and local governments to designate a single cybersecurity leader to coordinate activities in their communities and with the federal government, looking at breach notification laws and considering forcing entities that experience an intrusion to report the incident to the government, and supporting research and development of technologies to enhance cyber security.

The report also asked the government to evaluate pilot deployment of intrusion detection and prevention systems for federal and state government systems in consultation with civil liberties advocates.

So what do you think, did the government hold true to the 2009 report or have things changed since then? Feel free to comment with your opinion.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>