Safety Net for the Net

May 20, 2011
Cyber Security, FedCyber Wire
No Comment

via The American Prospect

Last week, President Barack Obama unveiled legislation aimed at making cyberspace safer. “Cyberspace” is, admittedly, a clunky term, but no one has yet come up with anything better to describe the totality of Internet connections, electrical grids, consumer databases, financial networks, military systems, and other networks on which American life has grown dependent. But when it comes to securing it, as Obama has said, “we’re not as prepared as we should be, as a government or as a country.”

Obama’s proposal won’t win any awards for innovation, but it does seek to answer the two big questions: Can we protect the digital realm from the viruses, hacks, and breaches that regularly threaten it? And, can this be done without upsetting the balance between private innovation and government oversight that has enabled the Internet’s explosive growth in the last few decades? The president’s cybersecurity proposal follows a model first adopted in the early days of the Internet: The government encourages the private sector to take the lead; if it doesn’t, or if it fails, the government steps in.

Obama’s plan would formally appoint the Department of Homeland Security to act whenever there’s a digital breach of information — whether it’s in the private or public sector. The proposal also sets up a legal framework to govern how DHS responds once a company asks the government to get involved.

Part of the goal is to avoid scandals like the recent ones at Sony and Google. In the case of Sony, the records of millions of its gamers were hacked during a two-week period in April, and the company is accused of a delay in informing their customers. In February, Google, after finding out that Gmail and other systems had been infiltrated, with digital forensics showing the threat came from China, caused a stir by giving the National Security Agency access to its records. We learned after the fact that Google executives had been outraged that some 20 other large companies from “the Internet, finance, technology, media, and chemical sectors” had been similarly targeted by China, but only Google had risked public wrath by seeking assistance from one of the government’s most distrusted agencies. The idea behind the Obama plan is to make it less toxic for a company to call for help, by setting clear rules about what government agencies have access to and who’s in charge.

Continued here.