Risk
3/26/2009
04:41 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Obama Cybersecurity Team Consults Rights Groups

Civil liberties, privacy, education, and public-private partnerships are at the forefront of the government's cybersecurity initiatives.

President Obama's cybersecurity team is working closely with civil liberties and privacy groups to make sure steps to secure the nation's computer infrastructure don't overstep the bounds of individual rights, two members of the House of Representatives said today.

In a press conference after meeting with Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils, Rep. Yvette Clarke, D-N.Y., and Rep. James Langevin, D-R.I., said that they expected Hathaway to complete her 60-day review of the nation's cybersecurity within a month.

"Working with civil liberties groups will be at the forefront of how we do cybersecurity going forward," Langevin said. "It's a forethought rather than an afterthought, because we're going to have to have buy-in from the public." He added that he was pleased to hear Hathaway say that there needs to be a public education portion of any major cybersecurity initiative.

It's unclear exactly what kinds of recommendations Hathaway's report will make, but Langevin said he expects cybersecurity will be a multibillion-dollar effort going forward, and that there may be an increase in Office of Management and Budget staffing to manage oversight of the country's cybersecurity budget.

Langevin and Clarke said Hathaway is focusing partially on the need for much deeper public-private cooperation on cybersecurity, including a set of "expectations for the private sector" and a plan to develop some sort of road map for industry cooperation with government on cybersecurity.

As to how cybersecurity will be coordinated under the Obama administration, Langevin and Clarke were short on details, other than citing the need for an interagency action plan.


InformationWeek will highlight innovative government IT organizations in an upcoming issue. Nominate your agency by submitting an essay on your most innovative IT initiative completed in the last year. Find out more, and nominate your organization by May 1.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.