As federal authorities scramble to meet the first wave of milestones outlined in President Obama's February executive order on cybersecurity, administration officials are stressing that the government is seeking a collaborative approach and eschewing heavy-handed mandates for industry stakeholders.
Officials from the White House and the departments of Commerce and Homeland Security described the administration's efforts to develop a coordinated approach to cybersecurity during a panel discussion here at the annual conference hosted by NCTA, the principal trade group representing the cable industry.
The first round of deliverables under Obama's executive order is due to the White House today, with national security officials expected to present reports outlining suggestions for how to develop a better system of sharing information about cyber threats, ways to incentivize stronger security among private-sector businesses, and an approach to incorporating new cybersecurity standards into the federal acquisition and contracting processes.
That work began with the formation of an interagency task force that was convened by DHS and intended to bring together officials from an array of departments with responsibilities for cybersecurity.
Step 1: Having Cybersecurity Conversations
"Challenge number 1," says task force director Robert Kolasky, "was how do we organize the whole community in a way that we can have that conversation."
The view is similar from the White House, which has emphasized that collaboration is essential to developing any coherent policy on an issue that spans the public and private sectors and touches as many government jurisdictions as cybersecurity does.
"None of us can operate on an island, particularly as it relates to cybersecurity," says Samara Moore, director for cybersecurity and critical infrastructure at the White House.
Moore is quick to point out the limitations of the executive order, describing it as just one of several fronts on which policymakers must address the cybersecurity threat. In particular, she reiterates the White House's call for legislation that would establish stronger oversight of private-sector operators of critical infrastructure.
Part of the work of the task force that Kolasky heads has been to identify specific elements of that infrastructure where an attack would pose the greatest risk. DHS is to produce that report within a month (or day 150 from the issuance of Obama's executive order; Wednesday marks day 120), enumerating the infrastructure components "where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security." The good news, according to Kolasky, is that it's shaping up to be a short list.
"Our critical infrastructure is pretty resilient," he says. "We do not see a lot of things that could cause catastrophe [if attacked]."