The Field Report with Tom Field

President Obama's Unfinished Business

Election Over; It's Time for Cybersecurity Action
President Obama's Unfinished Business

If President Barack Obama's second term were a movie sequel, I'd call it "Unfinished Business." Because now it's time for the newly re-elected president to step up and see through the cybersecurity initiatives he spoke about when he first took office.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

Remember the 10-point cybersecurity plan Obama unveiled in May 2009, aimed at securing the nation's critical IT infrastructure?

We're no longer talking about a critical infrastructure at risk; it's under attack. 

That was three-plus years ago. Some elements of that plan have been fulfilled, starting with No. 1. Obama, indeed, appointed a high-profile national cybersecurity coordinator, Howard Schmidt, who served 2.5 years before stepping down and being replaced by Michael Daniel.

And as my colleague Eric Chabrow pointed out the other day in his analysis, Cybersecurity: Obama vs. Romney, there is much the Obama administration has done in its first term:

But there are some key cybersecurity goals that have not been met. Chief among them is the item that was No. 2 on Obama's original 10-point plan: Sign off on an updated national strategy to secure the information and communications infrastructure.

We can all agree that securing the critical infrastructure is essential. And we all recognize that 80 percent of the nation's critical infrastructure is controlled by the private sector. The unresolved question: To what degree should the federal government step in to regulate private industry in the name of securing critical infrastructure? Obama favors more regulation; his Republican opponents in Congress favor less.

On this critical issue, the first Obama term ended in a stalemate. Congress failed to pass the Cybersecurity Act of 2012, which included provisions to establish IT security best practices that could be voluntarily implemented by industry. And Obama hasn't come through on his subsequent threat of an executive order that would create a process to develop these best practices with the private industry stakeholders.

So ... what now?

While politicians have blustered, the threat landscape has changed dramatically. Among the escalated threats we've seen in Obama's first term:

Obama's second term must see a concerted bipartisan effort to address these threats. We're no longer talking about a critical infrastructure at risk; it's under attack.

Which brings me back to "unfinished business." With re-election behind him, Obama now has the opportunity to think about his legacy. He has every chance to become our first true "cybersecurity president." But that will happen only if he can bridge gaps - not just between parties, but between public and private sectors - and oversee enactment of legislation and defensive measures that truly address our vulnerabilities.

A cybersecurity plan is no longer sufficient. Now it's time for action.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.