Cybersecurity consensus: ‘We haven’t done enough’

President Obama on Wednesday briefly dropped by and addressed a meeting at which industry figures were being updated on U.S. cybersecurity efforts, acknowledging more progress was needed on the issue but blaming George W. Bush administration efforts as inadequate.

The meeting was led by White House Cybersecurity Coordinator Howard Schmidt, Homeland Security Secretary Janet Napolitano and Commerce Secretary Gary Locke and was attended "by an array of cybersecurity stakeholders from across the country," a statement from the White House said.

One of the stakeholders, Larry Clinton, president of the Internet Security Alliance, told The Washington Times that while he credits the administration for some improvements since its cybersecurity policy was rolled out more than a year ago, there was disappointment about the speed of progress.

"We want them to substantially pick up the pace," he said of the Internet Security Alliance, an industry-backed nonprofit that advocates market-based cybersecurity practices.

Mr. Schmidt, Homeland Security Undersecretary Philip Reitinger and Mr. Obama "all said the same thing: We haven't done enough," Alan Paller, another attendee, told The Times.

In brief remarks to the meeting, "the president said he was surprised when he came [into office] at how little had been done" by the previous administration, Mr. Clinton said.

"He called it a challenging space," Mr. Clinton added. "He said the interconnected nature [of the Internet and other computer networks] makes it very difficult to regulate and secure."

Mr. Clinton said the president's enumeration of his administration's achievements in the field made it clear that "most of the progress they can point to is in the government sector," whereas the majority of the critical infrastructure seen as vulnerable is in private hands.

In a progress report released after the meeting, Mr. Schmidt touted the administration's work to develop a national cyber-incident response plan that would coordinate federal and private responses to a major cyber-attack.

Cybersecurity has been identified by successive administrations as a key security issue because of the vulnerability of computer networks like the Internet to hackers and other criminals or spies and the degree to which vital national industries such as power and water utilities or banks rely on them.

Mr. Paller, director of research for the SANS Institute, a nonprofit group that trains computer security specialists, added that about 150 people attended the meeting, including academics, privacy advocates, representatives from the IT and communications industry, and groups representing other key sectors of critical infrastructure.

Mr. Paller said the president also touted his officials' work in beginning to "build capacity for a coordinated response plan [and] strengthened public-private partnerships."

Mr. Schmidt, he said, touted a recent decision to change the way federal departments report progress on computer security.

"The president asked me how he could know we are doing better this year than last year," he quoted Mr. Schmidt as saying. "That's the way we can measure it."

Mr. Clinton said Mr. Schmidt also addressed the question of economic incentives for improved security - something his group enthusiastically backs.

He added that the presence of the president was very encouraging to the audience, but said there was a general feeling that "there should have been more time" for questions and answers.

© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.