It began when the White House asked private citizens to report the emails of those involved in ‘misinformation’ about the Obama healthcare plan. Around that same time, the newly minted cyber czar Melissa Hathaway announced her resignation. And now there is a storm brewing around legislation to give control of the internet to the President in an emergency.
If there is a cyber ‘reset’ button, now is the time to press it. The Obama Administration set out with the admirable goal of taking the cyber threat seriously—infusing the President’s budget with cash for cyber security and naming it one of its top homeland security priorities.
The focus on cyber is for good reason. As Homeland Security Secretary Janet Napolitano accurately phrased it “we’ve been living in a cyber 1.0 world and we need to be cyber 3.0 and beyond…” Cyber attacks are on the rise—and the threat of state and non-state actors using cyber attacks to bring infrastructure down is credible.
Just ask Estonia—who in 2007 was subject to a cyber assault which brought down both public and private networks. But you don’t have to look outside the United States to find examples of the increasing cyber threat. In 2007, popular clothing stores TJ Maxx and Marshall were attacked and the hacker stole $45.7 million in credit and debit card information.
Cyber is a vital part of human interaction—we depend on it for purchasing Christmas presents, traveling, paying bills, banking, utilities, etc. More fundamentally, our critical infrastructure, from electricity to water, thrives on it.
But the Administration hasn’t even announced its cyber plans and these recent controversies send the wrong message to the American public—first that the Obama Administration doesn’t take cyber strategy seriously and second that they can’t trust the Administration with their personal information. The situations are embarrassing and are likely to destroy the chances of a meaningful policy debate on cyber security. To fix the problem, Obama is going to have to move quickly, form coalitions, and start talking cyber to the American public in a way that will gain their trust.
First step is to reign in Congress. Obama is in a good position to do this; his own party has a nice majority in both houses. This is just the kind of policy debate that Congress loves to insert itself in and yet has the capacity to destroy its credibility on the topic in a matter of minutes. They generalize. They politicize and too easily brush aside legal authorities, constitutional constraints and effective policy in favor of stakeholder groups. This isn’t to say that legislation won’t eventually be appropriate, but only that Obama shouldn’t let Congress set the talking points as it has done in recent weeks.
Second step is for the Obama Administration to take some real cyber leadership. This should begin at the highest levels but shouldn’t end at the White House. The entire federal government suffers from a knowledge deficit that jeopardizes its ability to make informed cyber choices. We need to act quickly to put in place a professional development system that will develop a team of experience professionals, dedicated to the cyber environment. This system should be characterized by such principles as education, assignment and accreditation—experience and knowledge that will government leaders the tools needed to make well-informed cyber decisions.
Third is to start talking about cyber. President Obama and Congress must be careful not to put out cyber legislation and make that a starting point for the cyber policy debate. Start talking first. Ask questions. What are the threats? What do Americans expect from the government in terms of cyber? What is the role of the private sector? These are fundamental questions that must be answered before legislating.
Doing nothing shouldn’t be an option. It doesn’t matter whether Obama could control the Internet, and it doesn’t matter if they didn’t plan to use those emails to form a healthcare hit list. Many Americans are suspicious, and that doesn’t bode well for cyber security.
Cyber policy requires a fundamental level of trust in government. It needs to start the process now if it ever expects to regain this trust.
******
Jena Baker McNeill, J.D., is a Homeland Security policyanalyst at the Douglas and Sarah Allison Center for Foreign Policy Studies at The Heritage Foundation.
Loading ...