U.S. President Barack Obama has taken a stance on cybersecurity and how it needs to be addressed more seriously. With various cybercrimes occurring in the U.S. of late, including the most recent infamous attack on Sony Entertainment, it was only a matter of time before cybersecurity was addressed by the president.
"I've got a State of the Union next week," Obama said this week. "One of the things we're going to be talking about is cybersecurity. With the Sony attack that took place, with the Twitter account that was hacked by Islamist jihadist sympathizers yesterday, it just goes to show much more work we need to do, both public- and private-sector, to strengthen our cybersecurity."
The government has also been under scrutiny by many following the release of a report by Senator Tom Coburn titled "A Review of the Department of Homeland Security's Missions and Performance." The report criticized the DHS for failing to protect the public in regard to cybersecurity.
Unfortunately, there's a bad connection between Obama's move toward supporting cybersecurity and the report, as ZDNet highlighted how the president's upcoming legislation is based on the DHS's National Cybersecurity and Communications Integration Center.
The problems of DHS and its approach
ZDNet reviewed the many issues that the report pointed out. One of the main problems involves DHS not keeping up with its own recommendations. The Office of the Inspector General, a resource for federal employees to report allegations of fraud and corruption, played a huge part in discovering the information in the report. For example, the report said that DHS warned its subscribers about Windows XP cybersecurity holes. However, seven months after issuing the warning, it was found that several computers within the department were still running Windows XP.
The report also detailed issues that the DHS has with its own data. When the Inspector General audited the department, it found that patches were missing on several parts of its system. The TSA server, which contains information on 2 million Americans, was no exception to these discovered flaws. The report chided the department for not "practicing what it preaches," which has been a very common within the topic of cybersecurity.
It is a basic step to fully implement any warnings about cybersecurity holes, as one slip-up can lead to a downfall of an entire system. Tools like email encryption have become necessary when putting cybersecurity in place, but companies still disregard warnings that are put out. This is why cybersecurity is becoming such a huge government concern. When money is wasted as a result of cyberattacks, it's difficult not to think about what could have been done to prevent the breaches.
Getting serious about cybersecurity
The information in this report is certainly expected to affect the public's trust of the DHS. The department plays a crucial role in enforcing the laws related to cybercrime, and when it is unstable, that means the public is at risk of having information exposed.
One good thing about Obama discussing the topic of cybersecurity is that businesses and people might be encouraged to take it more seriously. According to The Guardian, Obama expressed a strong conviction that cybersecurity needs to be a more talked-about topic within the government. The plans he discussed included setting up an information-sharing system for DHS, which would allow real-time data to be given to the NSA, FBI and Secret Service.
"We've got to stay ahead of those who would do us harm," Obama said. "The problem is that government and the private sector are still not always working as closely together as we should. Sometimes it's still too hard for government to share threat information with companies."
According to The Guardian, officials are assuring the public that the system will not put privacy at risk. Obama took note of the public's concerns about privacy and information-sharing, and insisted that checks and balances were in place to protect consumer data.
The legislation and future of cybersecurity
Many reforms are in place for cybersecurity, and the White House laid out what kind of legislation is pushing through Congress and the House. One of the points address in the proposed laws was setting up the information-sharing system with DHS, as well as modernizing law enforcement to work against cybercrime. The latter would move toward putting tools in place that may help law enforcement investigate and prosecute cybercrime. This could be a step forward with regard to cybersecurity being taken more seriously, as when law enforcement does, the public will too.
Legislation is also attempting to update reports on cybersecurity. Companies will be required to notify employees and customers about breaches to help consumers be more aware of the risks.
Cybersecurity is certainly evolving as a serious concept within the government and for the public, which means that hopefully, businesses will start to take it more as well. Putting protection in place is necessary, no matter the industry.