The Cybersecurity Barn Door

President Obama's speech today and the release of Melissa Hathaway's 60-day cybersecurity review are clear signals that cybersecurity is finally getting the attention it deserves, especially given its strategic importance to national security. As Obama said in his speech, technology now controls everything from our weapons to our water supply. Protecting our networks has become synonymous with protecting our borders. So why has it taken so long for the issue to reach the highest level?

As many cybersecurity experts have told me over the past couple years, almost everything worth taking from the government in terms of data has already been pilfered by hackers, organized crime and foreign governments. Everything from the design of our latest military aircraft to the president's campaign Web site has been penetrated, phished, downloaded or shut down completely. And yet somehow the issue remained below the radar of past presidents. To some, today's announcement is a bit like shutting the barn door after the horses have already been stolen.

As good news as this is for cybersecurity, the report still doesn't clear up the turf war over who will have responsibility for securing federal networks, particularly with regards to offensive capabilities. There was no mention of the National Security Agency on Friday, beyond Obama's assurance that the government would not be monitoring Internet traffic. Likewise, no mention was made of the Pentagon's plan to create a new military command for cyberspace.

Regardless, it's hard to see this as anything but a victory for the federal IT community. SANS Institute director Alan Paller told me today that people who were disappointed with the report are likely the victims of oversized expectations. The very fact that the president of the United States would make a nationally-televised speech where he spoke knowledgeably about the cyber threats to our digital infrastructure is a huge step towards raising awareness of the importance of the issue.

Obama has done what no other president so far has been willing to do: shoulder the responsibility of protecting the nation from cyberattacks. Whereas in the past the attacks were either covered up or treated with a shrug, Obama has promised to make cybersecurity a national security issue and a management priority. While that's certainly admirable, it also makes him accountable if, or rather when, the next massive data breach occurs.

Let's hope the new cyber czar is quickly appointed and hits the ground running. If six months from now someone manages to shut down the power grid, the public now knows where the buck stops.