US President Obama and cybersecurity czar Howard Schmidt have both issued statements on cybersecurity presenting very optimistic progress reports and supporting increased activity in the private sector.

Some of the points discussed in the progress reports included the recent organizational changes and new cybersecurity initiatives of the Obama administration presented as evidence that the White House is making advances on the cybersecurity front.

“President Obama appointed a Cybersecurity Coordinator to provide White House leadership on cybersecurity issues,” the progress report says. “The Cybersecurity Coordinator leads a new Cybersecurity Directorate within the National Security Staff (NSS), works closely with the economic team, and has created a close partnership with the Office of Management and Budget (OMB) and the Office of Science and Technology Policy.”

As stated before while speding a year to decide who will be the czar everyone expected, cybersecurity is considered a “key management priority” by the white house.

“Enhancing cybersecurity is a central component of the Administration’s Performance Management Agenda,” the progress report says. “The Federal Chief Performance Officer has targeted key performance strategies for improving government operations, which include moving to real time monitoring and integrating cybersecurity into system design, rather than bolting it on as an afterthought.”

I am thrilled to see things are movig along just fine and the White House is also focusing on ecouraging cybersecurity projects in the private sector as well. Let’s hope they keep it up and others start following their lead.

For more details of the two statements, visit DarkReading.

While their cybersecurity czar plans have been delayed for so long we were all a bit tired for waiting, the White House approach to fighting cyber threats seems to have found a new focus these days: recommending training, exams and detailed certification requirements for cybersecurity professionals employed or contracted by the federal government. And this is going through the careful review of a commission whose main purpose is to advise the Obama administration on cybersecurity policy.

The Commission on Cybersecurity for the 44th Presidency, which in December 2008 issued its Securing Cyberspace for the 44th Presidency report to Congress, is currently working on a sequel to that report, due sometime in late June or early July. The commission, made up of a who’s who of experts and policy-makers, is debating strategies for building and developing a skilled cybersecurity workforce for the U.S., as well as issues surrounding an international cybersecurity strategy and online authentication.

Of course, the discussion got a bit stuck in the first part of the future report, the cybersecurity workforce. With no one knowing if the new certification recommendation will take into account existing certifications or not, with people in the commission and in the field of cybersecurity having different takes on the issues, and given the need to details qualification needed for each type of IT security pro, I assume it will take a while to get to a common decision on this one

According to Tom Kellermann, a member of the Commission and vice president of security awareness at Core Security Technologies, the federal government has bigger problems: an insufficient workforce that’s about to shrink some more if certifications become mandatory requirements:

“I would suggest that we need to increase our workforce, but not ostracize those that don’t have certifications to get them or lose their jobs. They should be grandfathered in,” Kellermann says.

Exploring a movie-like scenario, I have to wonder – If they ever want to cut a deal with a genius hacker and have him/her do some anti-hacking work for them, would they care if that person has the required certifications?

The White House might have a bright, shiny plan for cybersecurity, but it seems unable to keep the security heads it needs to manage and further implement it. No less than the people holding key positions related to the USA’s cybersecurity have resigned in the past few months.

The trend was started in March by Rod Beckstrom, who at the time resigned from his position as head of the National Cybersecurity Center within the Department of Homeland Security. The said center coordinates the defense of civilian, military, and intelligence networks. The reason for Beckstrom’s resignation? As he stated in a letter quoted by the Register, the post was underfunded and unduly controlled by the National Security Agency.

The next person to announce their resignation was Obama’s top cybersecurity director, Melissa E. Hathway. What led to her decision was the long months of delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. As the Register points out, Hathway was one of the best candidates for the “cybersecurity czar” position. The czar would hold the authority for securing networks and infrastructure that serve US banks, hospitals and stock exchanges.

The third and most recent top cat in the US government to go is Mischel Kwon, the head of the US Department of Homeland Security’s Computer Emergency Readiness Team. Washington Post rumor has it that Kwon  had grown frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission. And it seems people in her position don’t stick around for too long, she was the fourth US-CERT director in five years.

Hopefully, the critical cybersecurity plan will eventually be implemented, without any further delays and resignations. Let’s keep our fingers crossed!

The CoSoSys team attended the Provision Security Days in Brasov, Romania over the weekend. Vendor of the most innovative and effective applications for endpoint security and portable storage devices, CoSoSys was one of the event sponsors and held a presentation on critical data security, device control and linked it to the recent Obama announcement on a White House coordinated plan to prevent cyber attacks.

I’ll reproduce here one the most significant quotes CoSoSys identified in what data loss protection is involved:

“The threat to critical data systems is among ‘the most serious economic and national-security challenges’ today”

You might wonder why economic. The answer is easy: everything translates into money. Less customers, hacked bank accounts, brand trust going down the drain, it all means loss of money. A competitor getting their hands on your prototype and producing it at a faster pace means money you’ll lose (the amount you’ve already invested) and money you’ll never get.

So what does CoSoSys offer as a solution? A best of breed endpoint security, device control and DLP solution, Endpoint Protector 2009. It effectively:

• stops data loss
• prevent data theft
• stops data leakage
• keeps data safe on the road

Speaking of data theft in the office, CoSoSys also presented a video emphasizing how easily they can be prevented. Enjoy!

US President Barack Obama has recently announced a White House coordinated security plan against cyber threats and attacks. According to the New York times that discussed the presidential speech in detail, the new plan will be carried out without any intrusions in people’s privacy. Obama promised to bar the federal government from keeping a close and permanent watch over “private-sector networks” and internet traffic.

How exactly will the plan work and how will its goals be reached? This part is unclear. What we know is that the President will appoint a new “cybersecurity coordinator”, a person with direct access to Mr. Obama and who will hopefully manage to also mediate the dissensions between the several agencies dealing with cyberthreats at the moment, such as the Pentagon, the National Security Agency, or the Homeland Security Department. According to the same article in NYTimes, this coordinator will also act as “action officer” inside the White House during cyberattacks launched on the United States by both hackers or governments.

How does this new spotlight on cybersecurity affect companies? For a lot of US companies, it’s a dream come true, as they all hoped the President will do something about the growing number of attacks.

Many computer security executives had been hoping that Mr. Obama’s announcement would represent a turning point in the nation’s unsuccessful effort to turn back a growing cybercrime epidemic. On Friday, several said that while the president’s attention sounded promising, much would depend on whom he chose to fill the role.

What I think is important to note is that the Obama announcement comes after a major shrink in IT security budgets (caused by the economic downturn), when thinks are starting to look brighter. Mixed with the major security threats and data loss cases that storm in virtual and pring newspaper and magazine pages, it will all lead to an investment increase when it comes to effective security. Which will benefit both security solution developers and companies who will no longer be exposed to significant financial losses.

Another interesting aspect of the Obama speech was his revealing information on the cyberattacks his staff had to deal with during the presidential campaign. He spoke of hackers who managed to get access to emails and campaign files, such as position papers and travel plans. The White House has finally reached a conclusion all security experts have known for quite some time, very articulately put by the US President:

“in this information age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”