The nation's digital infrastructure is under grave threat from a range of adversaries and needs to be protected as a strategic national security asset, President Barack Obama said this morning at a news conference outlining his administration's proposals to secure cyberspace.
Speaking to reporters at the White House, the President also announced the creation of a cybersecurity coordinator role at the White House who will be responsible for overseeing a national strategy for securing American interests in cyberspace.
The as-yet-unnamed coordinator will be responsible for "orchestrating and integrating" all cybersecurity policies for the government and will be personally selected by the president, Obama said .
He described the move as an attempt to give cybersecurity the "high-level focus and attention" it deserves at a time when critical government, military and private sector targets are coming under increasing attacks by adversaries, he said.
"We're not as prepared as we should be," Obama said, noting that no single person is currently responsible for overseeing the U.S. government's cybersecurity efforts. "This status quo is no longer acceptable."
That, he said, is what led him to call for a "top-to-bottom" review of government efforts to protect critical infrastructures from cyberattacks. "This new approach starts from the top...."
Pointing to national security needs, Obama noted that defense agencies are under frequent attack. He pointed to malware that infected Defense Department computers last year, saying the attack had forced the military to require soldiers to stop using thumb drives to prevent the malware from spreading.
He also said that his own campaign operation had been hacked last year.
Obama's plans are based on a review of government-wide cybersecurity undertaken by Melissa Hathaway, a former Bush administration aide who he appointed as acting senior director for cyberspace.
Based on the findings of the report, the government will pursue actions in five key areas, Obama said.
First, Obama wants those involved in security issues at government agencies and in the private sector to devise a comprehensive strategy for improving cybersecurity, with a focus on goals, management priorities and accountability. Second, he wants the nation to be able to respond to cyber events in a more organized and unified way.
"Ad hoc responses will not do," Obama said. "Just as we do for natural disaster, we need to have plans in place."
The President also wants a focus on building stronger public and private partnerships around cybersecurity; on pushing new security research and development; and on launching a national campaign to spread cybersecurity awareness.
The new coordinator will be a member of the National Security Council and would report both to the national security adviser and the senior White House economic adviser. The goal is to have someone with direct access to the President on cybersecurity matters who has the clout to force changes across government agencies if needed.
Obama stressed that his cybersecurity efforts are in no way designed to allow for government spying on internet communications or government control over Internet traffic. These are the things we will not do, he said in an apparent reference to concerns about a proposed Senate bill that would give the President unprecedented powers to disconnect companies from the Internet for security reasons.
Obama's plans have been met with a mixture of excitement and trepidation within the security industry. While the high-level attention given to cybersecurity by the president is generally seen as positive, there are concerns it could lead to regulations and a meddlesome government regulations on cybersecurity matters in the private sector.
Ken Mingis contributed to this report.