White House lays out cyber-security proposal
May 12th, 2011
05:21 PM ET

White House lays out cyber-security proposal

WASHINGTON (CNN) – In reaction to ever increasing attacks of cyber crime across the country, the White House today laid out its plan to protect U.S. citizens and the country’s critical infrastructure. 

On a conference call with reporters, a senior White House official said cyber crimes have increased “dramatically” over the last several years and admitted that “the nation cannot fully defend against these threats unless certain parts of the cyber-security laws are updated.”

The proposal, the culmination of two and a half years of work, was done in consultation with cyber-security experts, privacy advocates, private industry and businesses, and officials from across the DOJ, DOD, DHS, and the Commerce Department.

“There’s a lot of smart people working in this,” the White House official said.

The plan was delivered to Congress today, is described by administration officials as “pragmatic and focused,” and aims to improve cyber-security for the American people, the country’s critical infrastructure, and the Federal Government’s own networks and computers.

Currently there are some 47 state laws that protect the American people from identity theft. A Department of Justice official suggested enacting a federal law would “simplify and standardize” those laws, and ultimately make it easier for businesses to report cyber-crime and safer for the American people.

Another aspect of the proposal would transfer authority to the Department of Homeland Security making it the hub for all cyber-security related incidents.

“The proposal really provides for greater, more streamlined cyber authority at the Department of Homeland Security, the United States government’s focal point for cyber-security. This new authority will enable DHS and the rest of the national security team to go that much further in protecting our nation and strengthening our national security posture,” a Defense Department official said.

Having DHS at the hub would allow the agency to respond to cyber incidents to the government and private industry more quickly, officials said.

The proposal would also lean more heavily on input from the private sector by implementing a “voluntary information sharing” system to encourage businesses to share more information with the government.

DHS would also ask private industry to help “mitigate risk” when it comes to national intelligence so, as a DHS official said, “we would have better situational awareness that we could use to protect critical infrastructure, the government, and the country more generally.”

“We don’t believe government has all the answers here, nor do we believe that it’s appropriate for the government to say, ‘Thou shalt do X, Y, and Z,’” the official added.

The White House also mentioned the many safeguards that would be set up to ensure that privacy and civil rights standards are met, including oversight by DOJ, outside oversight and auditing, and transparency through disclosure of cyber-security plans.

The proposal was drafted at the request of members of both houses of Congress according to the administration. Congress will likely be debated in the coming weeks and months and the administration is aware that this is just the beginning of the dialogue with members of Congress. But officials stressed the importance to act swiftly because in addition to being a matter of national security the White House believes cyber-security threats are of economic concern.

“Our economy is hurting today because of a lack of effective and fully sufficient cyber-security practices. This strategy is one that will address that concern with a thoughtful and well-targeted role for government,” a White House official said.

soundoff (2 Responses)
  1. William Hugh Murray, CISSP

    It is interesting that the proposal places responsibility on the private sector to ensure that it does not compromise privacy by sharing information with DHS but does not require DHS to protect the shared information.

    Sharing intelligence is always problematic. The party that shares needs some assurance that the shared intelligence will not be misused, abused, or leaked. DHS security is so bad that the parts of the agency will not share with each other. Unless and until DHS can demonstrate at leas the intent, never mind the capability, to protect any intelligence provided by the private sector, the private sector will not share.

    This is a fundamental problem and this proposal contains nothing to address it.

    May 14, 2011 at 4:13 am |
    • Michelle

      Global Cyber Attack and How They affect National Security

      Posted May 22

      Global security is at risk, a cyber attack in today's society cybercrimes is causing a breach in National Security and a breach in Global security by global hackers. Cyber terrorism and cyber espionage is putting the public at risk for white-collar crimes including invasion of privacy and identity theft. Compromised systems are sold every day from the various vendors and electronic stores who advertise and sell cyber crime systems to the public. The spyware phenomenon was visible after the birth of the Patriot Act under the G.W Bush administration. Although, Black Hat Cybercriminals and Black Hat Crackers are counting on the naivety of private citizens and unsuspecting companies in order to perpetrate white-collar crimes, is putting the public at risk for cybercrimes. The truth of the matter is cyber attacks are real.

      Malware analyst or White hats can defend themselves against Cybercriminals by thinking like a hacker in order to resolve the anomalies that have plagued computer systems, networks and servers. Investigating the anatomy of a hack is a very tedious job. The latest attacks are currently attacking the internal hard drive of the targeted systems. Cybercriminals are using scare ware to drive the public to hijacked web sites to steal personal information. Online sites such as Speedup My PC.com, PC Tools, and System Mechanic including other products have given the public a false since of security while collecting billions in the process; this creates a false since of security for the public user purchasing malware products. Firewall makers such as McAfee and Norton are also raking in billions with hijacked web sites with installation files designed to disable firewalls, add worms, and embedded malware files in the software. Cybercriminals employed to design software for the public then add the malicious software to their sites for online purchases. Companies that employ cybercriminals for web development often design hijacked sites for online purchases. Internet service providers such as AOL installations have added worms to their installation software and Cricket software installations disable the firewall.

      Cybercriminal employed at the c various companies will defend the anomalies in the system by auguring with victims who have fundamental knowledge of technology. Online fake companies included in the compromising of the victims computer systems is the variation of the name SPY.NOT, the variations are spyNOT and SPYNOT; downloading from those sites will compromise your system; the name SPY.NOT does not offer software. SPY.NOT only offers malware analysis, research, and the collection of Digital forensics from compromised systems, networks and servers. The most prevalent makers of pre-installed spyware are Best Buy and their technical support Geek Squad. Geek Squads, current systems are pre-configured with spyware, malware, viruses, worms and other anomalies associated with white-collar crime and cyber crimes. Geek Squad continues to perpetrate this fraud by offering consumers the option of removing spyware anomalies for a fee; this is fraud. Unsuspecting consumers who purchased spyware system from Best Buy and other vendors have no clue that they have just purchased a spyware system. The offer to remove the spyware is just an upgrade of the current spyware pre-installed prior to the selling the system; victims who own these systems, networks and servers are victims of cyber crimes when they leave the store. The infected spyware systems offered at Best Buy pre-installed by Geek Squad are Dell, Compaq, HP, Toshiba, and Macintosh; infected operating systems as of 2011 is Windows Vista and Windows 7. These systems are infected with spyware pre-installed and pre-configured by Geek Squad. Geek Squad continues to defraud the public by offering to remove pre-installed spyware on the various laptops and desktop systems then forcing victims to pay for an upgraded version of spyware that connects the victims system to an army bot of a Virtual Remote Access Trojan horse. Due to the persistence of hackers, this phenomenon has remained anonymous for years. Cybercriminals are counting on the naivety of the public. Cybercriminals currently have the freedom to victimize the public with repercussions' and without fear. Understanding the anatomy of a hack is to understand the theory of technology then reversing the theory to solve the crime, what I call "Thinking outside of the box".

      Digital evidence collected from 2004, will prove the out of the box theory, each piece of evidence proves our public safety and national security is at stake. If for some reason you are unable to locate my blog, or view the digital evidence posted on my blog on http://www.blackplanet.COM/SPY-NOT.

      Editor Michelle Jackson

      June 12, 2011 at 12:38 am |