Slashdot Mirror


President Obama Unveils $19 Billion Plan To Overhaul U.S. Cybersecurity

erier2003 writes: President Obama on Tuesday unveiled an expansive plan to bolster government and private-sector cybersecurity by establishing a federal coordinator for cyber efforts, proposing a commission to study future work, and asking Congress for funds to overhaul dangerously obsolete computer systems. His newly signed executive orders contain initiatives to better prepare college students for cybersecurity careers, streamline federal computer networks, and certify Internet-connected devices as secure. The Cybersecurity National Action Plan also establishes a Federal Privacy Council (to review how the government stores Americans' personal information), creates the post of Chief Information Security Officer, and establishes a Commission on Enhancing National Cybersecurity.

1 of 185 comments

  1. The endless contractor cycle has to stop by ErichTheRed · Score: 4, Interesting

    Most of the "cybersecurity holes" can be tracked down to some contractor slapping in an insecure installation of -whatever- to do the bare minimum needed to keep the contract. This is what needs to be fixed -- contracts need to be monitored closely and terminated in cases of poor performance. Security is a human error thing mostly:
    - Not removing default passwords and accounts
    - Leaving ports open and services running that aren't necessary
    - Not keeping up with product versions and patch cycles
    - Leaving unencrypted disks full of data on trains or in cars that get broken into

    The problem is that even big companies can't manage to get this right, let alone government agencies. Big companies fall prey to the same mentality of just hiring contractors. Even the NSA did this -- if there was ever an organization that needed to do their own in-house IT, that's definitely #1 on the list. Employees will care about security when employers start demanding it.

    The solution, which is nearly impossible to implement, is to make everyone involved step their game up. Hire real, full-time employees who are committed to the agencies' or companies' missions at a level slightly above "I can keep my job." Make sure everyone is trained and double-check work.