White House Gets Average Grades on Cyber-Security

How well is the White House meeting its own cyber-security goals? According to a report card from one cyber-security institute, the Barack Obama administration may need some remedial classes in at least a few areas.

The National Security Cyberspace Institute (NSCI), which calls itself as a cyber-space education, research and analysis group for public, private and academic entities, in January gave the administration middling grades on cyber-security in its report, Federal Government Cybersecurity Progress: Obama Administration Report Card 2009 – Present.

The authors awarded grades for progress against recommendations contained in a 2009 60-day cyber-security review led by Melissa Hathaway, who was acting senior director of cyber-security for the National Security and Homeland Security Councils at the time. It’s referred to as the Hathaway Report in the NSCI document.

The 60-day review identified near-term and long-term action plans, and the NSCI graded the near-term plans, claiming those should have already been either completed or be nearing completion because the Obama administration has passed the halfway mark of its term. Ten items were graded from “A” to “F.”

The following lists the grades for each near-term category:

1. Appoint a cyber-security policy official responsible for coordinating the nation’s cyber-security policies and activities – Grade: D
2. Prepare for the president’s approval an updated national strategy to secure the information and communications infrastructure – Grade: D
3. Designate cyber-security as one of the president’s key management priorities and establish performance metrics – Grade: B
4. Designate a privacy and civil liberties official to the National Security Council cyber-security directorate – Grade: C
5. Conduct interagency-cleared legal analyses of priority cyber-security-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities and the application of agency authorities for cyber-security-related activities across the federal government – Grade: B
6. Initiate a national awareness and education campaign to promote cyber-security – Grade: B
7. Develop an international cyber-security policy framework and strengthen our international partnerships – Grade: B
8. Prepare a cyber-security incident response plan and initiate a dialog to enhance public-private partnerships – Grade: C
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience and trustworthiness of digital infrastructure – Grade: C
10. Build a cyber-security-based identity management vision and strategy, leveraging privacy-enhancing technologies for the nation – Grade: C

The NCSI writers summarized that they awarded the president mixed grades at the halfway point in his term. In their opinion, the White House “has made progress in cyber-security on issues that can be resolved through technological means or development of agreed-to standards of compliance and performance worked at the mid-management level.” But actionable initiatives must be set at the policy level in order for there to be sustained progress.