Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

The U.S. Cyber Policy Blitz

The White House takes two steps in a week to bolster its Internet security strategy.

Over the past week, the White House has announced two big plans for improving Internet security. One is an international policy that seeks to promote Internet freedom while cracking down on the theft of intellectual property. The other is a domestic legislative proposal whose key features include tightening data-breach notification laws.

Cyber czar: Howard Schmidt, special assistant to the president and cybersecurity coordinator, speaks at the launch of the U.S. International Strategy for Cyberspace.

In recent years, dozens of cybersecurity bills have been introduced. One would have required the White House to generate detailed reports on the extent of cybercrime emanating from each nation. But the international strategy announced Monday took a broader tack, calling, among other things, for federal agencies, including the State and Defense departments, to work with counterparts abroad to forge partnerships in crime fighting. The plan recommends establishing Internet security standards and imposing some penalties on countries that don’t comply with them.

“This is a milestone in our national effort to ensure secure and reliable networks for Americans, businesses, and government; fundamentally, this proposal strikes a critical balance between maintaining the government’s role and providing industry with the capacity to innovatively tackle threats to national cybersecurity. Just as importantly, it does so while providing a robust framework to protect civil liberties and privacy,” Howard Schmidt, the top White House cybersecurity official, wrote in a blog post. Later, he told Bloomberg News: “We want nation states to be unified behind a vision like this so we can send a clear message to bad actors that there’s going to be no place for them to operate in the international sphere.”

The international plan also highlighted the importance of preventing theft of intellectual property. Two years ago, the White House, citing industry estimates, said the toll of such theft was $1 trillion in 2008. The same plan also calls for greater Internet freedoms worldwide, which is an effort to counteract some recent trends. Only last month, the Russian Federal Security Service announced that services like Gmail and Skype should be banned, though the Russian minister of communications reassured the world that the country does not plan to introduce “tight and total police control over the Internet.”

Last Friday, the White House also announced elements of a domestic legislative proposal. Its centerpiece was a proposed federal law harmonizing how companies must report data breaches that expose personal information.  Right now, this practice is governed by a patchwork of 47 state laws. The Obama administration also said it wants to toughen penalties for cyberattacks, including by expanding racketeering laws so that they would also cover online crime.

Responding to concerns that critical U.S. infrastructure—much of which is privately owned—was vulnerable to cyberattack, the domestic proposal calls for new requirements for financial institutions, power grid operators, and water companies, among others, to develop security plans that would have to be audited for their efficacy. It also would give the Department of Homeland Security a clear mandate to protect government computer networks.

For all their scope, the proposals would stop short in a key way: they wouldn’t enhance the government’s collection of data about cybersecurity, says Stefan Savage, a computer security researcher at the University of California, San Diego. The White House’s efforts would neither require detailed disclosures on the extent of financial losses caused by hacking and cybercrime at home, nor would they generate a detailed nation-by-nation accounting for the sources of cybercrime abroad. Without full data on the sources of the problem and the extent of the actual damage, it’s harder to prioritize the allocation of resources, notes Savage. “Cybersecurity generates lots of hyperbole, but absent data about the real costs, it’s pretty hard to know that the money you’re spending makes sense,” he says.

Hear more about security at EmTech MIT 2017.

Register now

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.