Tuesday, May 17, 2011

SECURITY - Global Cybersecurity

"U.S. Calls for Global Cybersecurity Strategy" by HELENE COOPER, New York Times 5/16/2011

The Obama administration on Monday proposed creating international computer security standards with penalties for countries and organizations that fell short.

While administration officials did not single out any countries in announcing the strategy, several officials said privately that the hope was that the initiative would prod China and Russia into allowing more Internet freedom, cracking down on intellectual property theft and enacting stricter laws to protect computer users’ privacy.

“The effort to build trust in the cyberspace realm is one which should be pushed in capitals around the world,” said Commerce Secretary Gary Locke, who will soon be taking over as President Obama’s ambassador to China.

The strategy calls for officials from the State Department, the Pentagon, the Justice Department, the Commerce Department and the Department of Homeland Security to work with their counterparts around the world to come up with standards aimed at preventing theft of private information and ensuring Internet freedom. A fact sheet released by the White House also promised that the United States would respond to attempted hacking “as we would to any other threat to our country.”

Attorney General Eric H. Holder Jr. called it a “historic strategy,” adding that “the 21st-century threats that we now face to both our national and international security really have no borders.”

Last week the administration released the domestic component of its new computer security strategy, increasing and clarifying the penalties for computer crimes, and giving the domestic security agency a clear mandate for the protection of the government’s own networks. That effort was intended to reverse a growing perception that penalties for attacks on government, corporate and personal computers had been relatively small.

In addition to giving the Homeland Security Department new authority over federal computer systems, the legislation calls for the agency to work with energy companies, water suppliers and financial institutions to rank the most serious threats and find ways to counter them. The law would also require each business to have an independent commercial auditor assess its plans and, in the case of financial firms, report those plans to the Security and Exchange Commission.

About time. We have international law enforcement agreements, and military security agreements, why not this one? While nations like China or North Kora will ignore this, that should not prevent the majority of nations to come up with a plan. It would protect national interests as well as individual people.