An Early Look at Obama's IT Security Plans

  • Eric Goldman

24 Jan 2009   ::   Security   ::   #national security #Obama #cyber infrastructure #legislation



This article [1] by McMillan outlines some of President Obama’s plans and initiatives related to cyber security. The Obama administration is very interested in taking additional action at the federal level in order to clarify the .patchwork. of current state laws. The objectives primarily deal with strengthening protections from cyber terrorists and digital espionage. The Obama plan is based off of his objectives outlined during his campaign and is line with the recommendations from top experts. The plans will continue and likely accelerate initiatives which were previously outlined during the Bush administration. It is interesting to note that Obama does not simply state that America must address security concerns, but states that our cyber security is a .critical national asset..

Relation to Enterprise Security

While many issues of enterprise security are related to an organization’s self preservation, a great deal of planning and action is related to government regulations. As the federal government increases its focus on cyber security, there will be a great increase in the number of laws passed. While some laws will simplify or improve existing legislation, both at the state and federal level, other legislation will likely arise to increase restrictions and reporting requirements. As a result, some enterprises may not be able to function for some period of time as they work to meet compliance or adjust practices to meet government requirements. If the government applies legislation broadly across sectors it could have many positive outcomes. Training and education will transfer across different businesses. In addition, it will be easier to develop future education programs and understanding of core security needs, as opposed to learning how to comply with some specific set of laws. However, the other possibility is that a great deal of time and resources can be used to create specific, detailed legislation that will likely need constant revision to remain useful.

In addition to regulation, public sector practices and policies will need to be addressed by some private sector companies. For example, defense contractors and other organizations which interact with government information systems or perform classified work will need to change their policies in order to meet the internal government requirements. While these security considerations may not be enforced through regulation, failure to meet the same standards as internal government systems can result in termination of contracts and other agreements.

Overall, a strong focus on cyber security will result in long run improvements. The most important outcome will be increased awareness both by enterprises and individuals. When individuals are more aware of security concerns there is a lower likelihood of risky behavior, and in addition they are more likely to comply with an organization’s security practices. In addition, high level management will give stronger consideration to enterprise security needs, enabling CISOs/CSOs to get the funds needed to implement security programs within the organization.


As Worthen [2] notes, in the past cyber security did not receive the attention it deserved from the federal government. While efforts were made under the Bush administration, critics said they were not moving quickly enough to address the evolving challenges. An interesting point made by Worthen is that perhaps cyber security does not receive as much attention because a cyber/digital attack is not as readily noticeable as physical attack; the effects of a bombing are evident, whereas the victim of identity theft may not know for a prolonged period of time that he was victimized. The article further goes on to explain that critical elements of our national infrastructure are not even in the government’s hands, such as the banks and utility providers. As a result, the government must infuse security efforts in the private sector to truly ensure security. This can be a very difficult task as there are many areas that will likely need to be addressed and it may be very difficult to decide how much and who should receive funding. However, as noted earlier, increasing general awareness is an important step. If the president maintains his strong focus on securing national security private organizations and individuals are more likely to talk about security and make individual efforts to protect themselves.

In looking at the White House report [3] it is clear to see that cyber security is being addressed in many aspects of national defense. First, a national cyber security advisor will be selected to coordinate efforts across agencies and to develop policies. The creation of such an office will ensure that cyber security is not just reviewed by some think tank of working group, but that there is someone constantly reporting to the President about important issues. Many of the points outlined will work to increase national security by addressing concerns in the private sector through legislation. Initiatives will also be created at all levels in order to investigate and prosecute cyber crime. This could result in a reduction of “.script kiddies” or other minor attackers through fear of prosecution, allowing authorities to focus more on true criminals and issues with a greater impact on national security. Also of great importance are new cross-industry privacy initiatives which will seek to standardize privacy practices in order to reduce the ease of identity theft and privacy related crimes.


  1. McMillan, Robert. Obama plan says cyber infrastructure is ‘strategic’. Computerworld. [Online] International Data Group Inc., January 22, 2009. [Cited: January 23, 2009.]

  2. Worthen, Ben. Obama’s Cyber-Security Agenda. The Wall Street Journal. [Online] Dow Jones & Company, Inc., January 16, 2009. [Cited: January 23, 2009.]

  3. The White House. Homeland Security. The White House. [Online] January 2009. [Cited: January 23, 2009.]