Friday, July 29, 2016

Better response to foreign, domestic cyber-terrorism

While Trump calls for MORE Russian hacking, Obama signs cyber-security order advancing Langevin priority

Congressman Jim Langevin (D-RI), co-founder of the Congressional Cybersecurity Caucus, released the following statement after President Obama signed Presidential Policy Directive (PPD) 41 entitled “United States Cyber Incident Coordination”:

"I commend President Obama for his continued leadership with the signing of this policy directive, which complements the Cybersecurity National Action Plan introduced earlier this year and builds on the lessons learned from the numerous cybersecurity incidents the Administration has had to respond to. I have long called for more centralization of cybersecurity efforts within government, and the cyber incident coordination plan is another important step in moving away from ad hoc processes that are simply inadequate to deal with the threat we face.

"The directive relies on principles – risk-based response, shared responsibility, and respect for victims – that should underlie any cybersecurity management plan. In particular, providing single points of authority for the different incident response lines of effort is essential to avoiding confusion, allowing for swift action in a crisis, and providing accountability.

“In order to provide the best possible "customer service" in dealing with the federal government, the PPD does not rely on victim organizations knowing whom in government to contact. This is a worthy goal, but it will require careful implementation to ensure that every agency knows how to report cybersecurity incidents that are brought to its attention; similarly, bringing in state, local, territorial, and tribal partners is a vital next step.

“The PPD also highlights the immediate need to pass legislation creating a cybersecurity and infrastructure protection agency encompassing the existing National Cybersecurity and Communications Integration Center, a central operational element of government response.


"The Administration's efforts to institutionalize cybersecurity policies before the transition is to be commended; however, it is insufficient. Congress must ensure that appropriate resources are allocated to cybersecurity, from workforce development to retiring legacy systems, and ensure that the law keeps pace with the rapidly changing technology landscape."