President Obama's National Cybersecurity Emergency Explained
By Rick Delgado, contributing writer
IT solutions providers can work with the government and companies to come up with effective solutions to curb and protect against the rising tide of cyber insecurity.
Although there was much attention over the recent hacks on essential American infrastructure, the fact that the United States is facing a serious cybersecurity menace was never in doubt. This was confirmed by Janet Napolitano, the outgoing U.S. Homeland Security Secretary through an open letter written to her successor in 2013. Napolitano indicated that the imminent threat to America will be so huge as to pose a challenge to basically every aspect of life; facilitating transport, accessing food, and powering homes. Her warning suggested she knew something most people in the public and cybersecurity world had no idea of.
Central control
The U.S. government was already aware. In July 2012 President Barack Obama made it clear central control — and no other measure — would work to keep the nation safe. Obama issued another Executive Order that clearly puts domestic infrastructure and the Internet in the hands of the government.
Essentially, it is now the United States’ policy to ensure security has been enhanced, including the nation’s infrastructure resilience and ensuring the cyber environment across the divide encourages economic prosperity, innovation, and efficiency. At the same time, the policy of the government is to ensure business confidentiality, security, privacy; civil liberties and safety have been promoted. All of these are to be accomplished through partnering with operators and owners of critical infrastructure to ensure an improved sharing of cyber security information and to collaborate and apply standards based on risk.
The Effect On Businesses
Clearly, the government through the Executive Order will go to any lengths to ensure national security of the public and infrastructure has been maintained, including requiring business data and other confidential information, if need be. It means hiding data considered critical from the government will be criminal.
Contravening or appearing to contravene the security of the U.S. infrastructure means that businesses could see their resources re-delegated, confiscated, and seized, including facilities, services and materials thought to be critical to the promotion of the defense of the nation as delegated by governmental agencies such as the Department of Agriculture, Homeland Security, Defense, or Labor.
The Effect On Solutions Providers
Companies offering cybersecurity solutions now have a chance to work with the government and companies to come up with effective solutions to curb and protect against the rising tide of cyber insecurity. This is clear from the description of the cybersecurity framework by the government, which is set to include procedures, methodologies, processes, and standards aligning business, technological and policy approaches to dealing with cyber risks. Demonstrating one area of need, a study conducted by SolarWinds in December 2014 claims that 53 percent of the federal government’s cybersecurity threats come from under-trained employees.
Organizations lacking security awareness programs have security incidents that cost four times higher than those of their peers according to the 2014 State of Cybercrime Survey, conducted by PWC U.S. State of Cybercrime. As such, public and private companies have to keep on working hard to ensure their networks are secured from external access. This means investing in the latest cybersecurity solutions is probably the best idea while ensuring everything an organization does will not put it at loggerheads with the federal government.