Cybersecurity Plan to Boost IT Firms, But Doubts Persist
"President Obama appointed a chief information officer and a chief technology officer for the government, which is what most private industry companies have. The third thing most private companies have is a chief information security officer," he says.
"Where’s the operational leader within the government who’s going to make sure what’s put in that IT budget is increasing security versus simply saying let’s buy more security products?" he adds. "That’s why a czar in a national security-centered thing, as far as being the operational leadership, doesn’t make sense."
Obama’s plan also calls for strengthening public-private partnerships, with the government collaborating with private companies to "find technology solutions that ensure our security and promote prosperity."
The vast majority of information networks are privately owned. But Schneier isn’t convinced that the government will be able to get private companies to participate without offering incentives or introducing new legislation.
"Companies will jump on board to the extent that it benefits their bottom line," he says. "If you tell the chemical industry that they must secure your networks to a certain level, they’re not going to jump on board. If you tell them, 'Here are your tax breaks,' then they’ll say, 'Great, I'm on board."
Nonetheless, security experts say the fact that the Obama administration is making cybersecurity a priority is a positive development. Pescatore says it’s likely that proposed legislation will be put on a faster track, such as the Information and Communications Enhancement Act, which revises the Federal Information Security Management Enhancement Act of 2002.
"It would put the government’s security requirements into every government contract, so that would help drive suppliers to the government to higher levels of security," Pescatore says.
Martin Libicki, senior policy analyst at the RAND, notes that it will be months before Obama’s plan will be fully implemented, and years before research and development efforts will be realized.
"This is the start of a process," he says, "it’s by no means the culmination."
Rob Owens of Pacific Crest Securities does not own shares in SYMC, MFE, FIRE, ARST, SAI, or NCIT.