Trump Administration Plans a New Cybersecurity Strategy – By Joseph Marks (defenseone.com) / Oct 26 2017
The Trump administration is planning to write a new cybersecurity strategy, White House Homeland Security Adviser Tom Bossert said Tuesday, suggesting that the slew of Obama-era cyber plans and strategies are fast outliving their usefulness.
There’s no timeframe for when the strategy will launch, Bossert told reporters, but it will follow the broad outlines of a cybersecurity executive order President Donald Trump released in May.
“As soon as we’re prepared to put forward a strategy that will be beneficial to the government and the nation, we’ll do so,” Bossert said on the sidelines of a Washington cybersecurity conference hosted by Palo Alto Networks.
Like the executive order, the cybersecurity strategy is likely to be broken into three main components, Bossert said.
Those three components are: improving the security of federal government computer networks; leveraging government resources to better secure critical infrastructure, such as hospitals, banks and financial firms; and establishing norms of good behavior in cyberspace and punishing bad behavior.
The Obama administration launched a cyberspace policy review soon after taking office in 2009 and released a slew of plans and strategies including the 2011 International Strategy for Cyberspace and a 2016 Cybersecurity National Action Plan.
Those documents served their purpose, Bossert said, but it’s nature of cyberspace for plans to grow out of date. The early documents, for example, don’t contemplate the threat that quantum computing may one day pose to encryption or the values of blockchain technology, he said.
Bossert downplayed the idea of a grand “cyber moonshot” during an on-stage event and in his discussions with reporters, describing the White House’s goal as reducing cyber risk to a manageable level with plans that can be scrapped or adjusted every few years.
“We wouldn’t want to set a goal for ourselves to eradicate and end all neighborhood crime forever and ever,” he said as an analogy. “You’ll never meet that goal.”
PB/TK – There’s a reason many of Obama era cybersecurity policies have outlived their usefulness, in the electronic world everything becomes old fast. Those policies and any policies placed today or tomorrow need to be revisited every 6-7 months if not sooner. But this is the US government and if policy can’t have a snails pace of life, it’s not worth having. When will government remove itself from yesterday’s action.
