Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/13/2016
04:15 PM
Rutrell Yasin
Rutrell Yasin
Slideshows
Connect Directly
Twitter
RSS
E-Mail

Cybersecurity In The Obama Era

Our roundup of the Obama administration's major initiatives, executive orders and actions over the past seven and a half years. How would you grade the president's cybersecurity achievements?
2 of 11

Obama Orders 60-day Review of Government InfoSec Status, Readiness

In February 2009, President Obama directed the National Security Council (NSC) and Homeland Security Council to conduct a 60-day 'top-to-bottom' review of the federal government's efforts to defend the nation's information and communications infrastructure and to recommend the best way to ensure that these systems are able to secure the nation's networks as well as its prosperity.

Four months later, The White House released The Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure. In a speech on May 29, Obama announced plans to develop a new, comprehensive national cybersecurity strategy, with help from private experts, and invest in 'cutting edge' cybersecurity research and development.

Obama also announced plans to appoint a government-wide cybersecurity coordinator, who would report directly to the president, and elevated cybersecurity concerns to a top management priority for the U.S. government, recommendations made by the bi-partisan CSIS Commission. Obama announced that he would appoint a national cybersecurity coordinator, who would report directly to the president.

The review also called for the launch of a large cybersecurity education campaign, efforts to better work with private businesses on cyber incident response and to establish performance metrics for cybersecurity improvement.

Illustrating the emerging threats to national security and the nation's economy, Obama noted that every day waves of cyber thieves were trolling for sensitive information - 'the disgruntled employee on the inside, the lone hacker a thousand miles away, organized crime, the industrial spy and, increasingly, foreign intelligence services.'  He noted that in 2008 alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.

'In short, America's economic prosperity in the 21st century will depend on cybersecurity,' Obama said.

Leading technology executives and officials at various industry associations generally praised the Cyber Policy Review and plans to hire a cybersecurity coordinator as positive steps but wanted to see more details of the proposed plans fleshed out.

Image Source: WHITE HOUSE Cyberspace Policy Review

Obama Orders 60-day Review of Government InfoSec Status, Readiness

In February 2009, President Obama directed the National Security Council (NSC) and Homeland Security Council to conduct a 60-day top-to-bottom review of the federal government's efforts to defend the nations information and communications infrastructure and to recommend the best way to ensure that these systems are able to secure the nations networks as well as its prosperity.

Four months later, The White House released The Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure. In a speech on May 29, Obama announced plans to develop a new, comprehensive national cybersecurity strategy, with help from private experts, and invest in "cutting edge" cybersecurity research and development.

Obama also announced plans to appoint a government-wide cybersecurity coordinator, who would report directly to the president, and elevated cybersecurity concerns to a top management priority for the U.S. government, recommendations made by the bi-partisan CSIS Commission. Obama announced that he would appoint a national cybersecurity coordinator, who would report directly to the president.

The review also called for the launch of a large cybersecurity education campaign, efforts to better work with private businesses on cyber incident response and to establish performance metrics for cybersecurity improvement.

Illustrating the emerging threats to national security and the nations economy, Obama noted that every day waves of cyber thieves were trolling for sensitive information the disgruntled employee on the inside, the lone hacker a thousand miles away, organized crime, the industrial spy and, increasingly, foreign intelligence services. He noted that in 2008 alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.

In short, America's economic prosperity in the 21st century will depend on cybersecurity, Obama said.

Leading technology executives and officials at various industry associations generally praised the Cyber Policy Review and plans to hire a cybersecurity coordinator as positive steps but wanted to see more details of the proposed plans fleshed out.

Image Source: WHITE HOUSE Cyberspace Policy Review

2 of 11
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
desertlegion
50%
50%
desertlegion,
User Rank: Apprentice
9/19/2016 | 10:54:42 AM
Re: Right direction
I think looking at their backgrounds and who they surround themselves with. Clinton usually has people around her that have been in politics and really doesn't seem to know how to stretch beyond that, ie her server was setup like a child did it off of youtube videos. Trump has a history of getting people that know their sectors. Often he stretches out to experts when he is dealing with something he doesn't know. He seems to strive for success (historically) while Clinton strives for political positioning.
Whoopty
100%
0%
Whoopty,
User Rank: Ninja
9/16/2016 | 7:46:10 AM
Right direction
Obama has definitely gotten the ball rolling in the right direction, but I'm concerned about what comes next. Neither Trump or (and especially) Clinton really seem to understand digital security. The email server Clinton used is a prime example of that.

Is there any indication that if either of them got into power they would take it more seriously than the other?
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28797
PUBLISHED: 2021-04-14
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (an...
CVE-2020-36323
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
CVE-2021-31162
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
CVE-2017-20004
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.
CVE-2018-25008
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.