Given that my CA colleague Tim Brown testified yesterday before the House Committee on Science and Technology on cybersecurity R&D, the US government and security are fresh on my mind.
On May 29, 2009, President Obama gave a speech on his administration's intention to address cybersecurity (full text available here), including his intention to appoint a new cybersecurity coordinator "... to ensure that federal cyber policies enhance our security and our prosperity."
There is ample commentary on the speech and the policy implications behind it (two worthwhile reads are Bruce Schneier and Gene Spafford). While I will not directly contribute to this debate since all the major salient points have been made, one frequent criticism of the Obama proposal is that the new "cybersecurity czar" will report jointly to the National Security Council and the National Economic Council and not higher up within the administration. This is a valid criticism since prior security czars such as Howard Schmidt, Amit Yoran and most recently Rod Beckstrom all operated under similar reporting structures and struggled at times to gain the necessary attention and focus of the appropriate senior administration officials.
Interestingly (and lost in the shuffle on the discussion of the speech itself), new legislation has already been introduced in the Senate that attempts to rectify the reporting situation, by empowering the President to appoint a cybersecurity panel that would report directly to the President.
Senate Resolution S. 773, "Cybersecurity Act of 2009," co-sponsored by Senators John D. Rockefeller, Olympia Snowe, Evan Bayh, and Bill Nelson, was introduced in April 2009. The bill has plenty of provisions beyond just raising the reporting profile for the cybersecurity panel, including the establishment of "... a Secure Products and Services Acquisitions Board to review and approve high value products and services acquisition and establish validation standards for software to be acquired by the federal government."
While I offer no pronouncements on the bill's chances of approval (it has been read twice and referred to the Committee on Commerce, Science, and Transportation chaired by Senator Rockefeller for further discussion), there are some very interesting and promising concepts offered in the proposed legislation. For anyone concerned with cybersecurity, let's hope that this bill sustains itself and does not wither away.