Thursday, March 12, 2009
Let me preface this entire blog by stating that I am neither republican nor democrat. I consider myself moderate and in turn find good and bad in both parties. With that said, this blog isn’t based on how I view politics, but rather how I view the new administration with regards to information security. I believe that President Obama’s administration may be good for information security (emphasis on “may” and “information”).
There is no question that President Obama ran the most technological campaign in American History. President Obama leveraged social networking sites like Facebook, online resources such as YouTube and Twitter, as well as his own website to reach out to the masses. At the end of President Obama’s campaign approximately 1.5 million accounts were created on “myBarackObama.com”. Barack Obama received over $600 million in contributions from more than three million people, many of whom donated through his website. This fact leads me to my first point. With this type of internet presence, I can only assume that information security had to be at the forefront of this campaign. After all, it doesn’t exactly look good if myBarackObama.com website is hacked allowing information for over 1.5 million people to be compromised.
The Obama administration is currently reviewing the policies and procedures for defending cyberspace and plans to propose any changes by the end of April. Now obviously we will have to wait to see what comes from this review to really determine just how the new administration views information security but the fact that they are taking on this task so early in the administration, in the midst of more serious problems, does say something. What that “something” is, has yet to be determined. This leads me to my second point and I will defend this position with blurb from an article written by Robert Lemos in an article titled “Law makers voice concerns over cybersecurity plan” posted on securityfocus.com:
“The U.S. government gave short shrift to cybersecurity issues at the beginning of the decade. While the Bush Administration released its National Strategy to Secure Cyberspace in 2003, the final document significantly softened the government's stance on securing critical infrastructure, which is primarily maintained by private companies. The Administration also collected most of the cybersecurity capabilities into the Department of Homeland Security and then failed to fund the efforts. While Congress established the position of Assistant Secretary for Cybersecurity within the DHS in 2005, the Bush Administration failed to fill the leadership role for more than a year, finally appointing Greg Garcia, a former information-technology lobbyist, to the post. In the last two years, however, the Bush Administration has focused more intently on securing government networks.”
It does certainly appear that the new administration is taking a more timely and proactive look at cyber security than the previous administration. That’s not to say that my opinion would not change if, in April, it comes to fruition that the new administration is actually cutting our cyber security defenses.
My last point will be made with a couple sections from an article titled “Staff Finds White House in the Technological Dark Ages” written by Anne E. Kornblut in the Washington Post:
“…Obama officials ran smack into the constraints of the federal bureaucracy yesterday, encountering a jumble of disconnected phone lines, old computer software, and security regulations forbidding outside e-mail accounts.”
It later states:
“The team members, accustomed to working on Macintoshes, found computers outfitted with six-year-old versions of Microsoft software. Laptops were scarce, assigned to only a few people in the West Wing. The team was left struggling to put closed captions on online videos.”
Some of you may ask, “Why this is important?”, or, “How do the above statements make the Obama administration any more or less security focused?” To answer these questions I will ask you this: Why was this important to the Obama staff in the first place and how exactly did it make national news? My only guess is someone in Obama’s administration must have realized that running Windows 95 may not be the most security conscious decision and therefore needed to be remediated. This is something I would have expected the previous administration to have known was a problem and have corrected long ago.
Posted by Andrew Weidenhamer at 3:31 PM