The Obama administration is on the right course in redefining America’s cybersecurity policy.
So says Jim Lewis, senior fellow for technology and public policy at the Center for Strategic and International Studies.
He told Federal News Radio’s Tom Temin and Amy Morris that the recent slew of cyber initiatives and proposals coming from the administration are part of “a real effort to redefine the policies we’ve been following in cybersecurity for about 15 years, which haven’t worked very well.”
The administration has recently issued a legislative proposal, a document on identity in cyberspace and a paper on its approach to international cybersecurity.
In an interview on Monday’s Federal Drive, Lewis gave high marks to the president’s legislative proposal, which he said contains “lots of details and new approaches towards regulation” and which he called “very helpful.”
The legislative proposal addresses the cybersecurity of federal networks and critical infrastructure in the private sector.
Lewis said that the president’s proposal has many similarities with a bill now being worked on by Senate Majority Leader Harry Reid (D-Nev.). He predicted that cyber legislation might pass in the Senate “maybe before the summer recess, certainly by early fall.”
What happens in the House with such legislation is an entirely different matter, according to Lewis. He predicted “some messy negotiations towards the end of the year.”
Lewis praised the administration for its approach to cyber threats. He said it allowed the private sector to take the lead in defining what measures might be necessary to stay ahead of threats in cyberspace.
“They made a real effort to come up with a flexible approach to letting the companies set the standards and then having the government enforce company compliance with those standards,” he said. “It’s a new way to regulate, and it’s not a bad idea.
Lewis said that previous attempts to define a national cyberidentity strategy have fallen short and that this task “may be a little difficult to pull off.”
“Identity strategy” in this context refers to the ability of online users to know for certain that they are actually dealing with the party they think they’re interacting with. This is particularly important, for example, in the case of online banking. Customers must know without a doubt that they are conducting a transaction with a certain bank and not with a counterfeit website.
“Other countries will know what that means,” Lewis said. “It means we will use all necessary means, including offensive action, to defend our interests… A lot of people are happy with that declaratory policy and that new strategy.”
(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)