What impact will President Obama’s cybersecurity order have on the industry?

Tags:
cybersecurity
Security
President Obama issued his long-awaited Cybersecurity executive order, which is aimed at improving public-private information sharing. However, many skeptics believe this order won't get anything done. Do you think Obama's executive order will go through? What impact will it have on the Cybersecurity industry?

Answer Wiki


This directive, like most others coming out of Washington these days, will prove to be yet another compliance burden that businesses will face.

Interestingly, looking through Obama’s Cybersecurity Near Term Actions, most of these things have already been put in place in some form: FISMA, InfraGard, the myriad of federal and state privacy/security regulations, the NIST Special Publications and CSRC resources to name a few. They’re just not being used or enforced. And, something we often see, instead of using existing resources and enforcing existing laws, politicians prefer to create new ones. It helps justify their existence.

Obama’s Near Term Actions also lay the groundwork for further government regulations on business. Death by a thousand cuts that only business owners and leaders fully understand.

Bureaucrats wanting more and more control of the economy and people will talk the talk – as if they’re the information security experts – to push these types of initiatives. Perhaps we’ll see some infrastructure security improvements at the federal government level long-term. However, I suspect this order – or any one following it – will have minimal impact on information risk in this country as a whole.

Why? Because people who are careless, overworked, under-qualified, cash-strapped, risk-ignorant, and so on will continue to look past the information security basics and keep doing things like:

  • Trust that cloud providers are always doing the right thing
  • Use phones and tablets without a trace of security enabled
  • Leave firewalls configured with no passwords and weak rules
  • Continue to overlook the value of whole disk encryption for laptops
  • Forget to set passwords on their database servers
  • Write code that enables SQL injection
  • Ignore patches from Microsoft, Adobe, Oracle (Java) and other vendors
  • Choose to believe that basic vulnerability checks using a “PCI-capable” scanner is all that’s needed to find the flaws in servers, databases, web applications, mobile apps, or any other system with an IP address or URL

I could go on and on but you get my point. Neither Obama nor any politician is going to truly fix these things. How about letting the free market decide which businesses survive?


I strongly believe that any such “cybersecurity” directive out of Washington is not about information security. It’s about control. They can continue layering on all this showy bureaucracy but I’m just not buying it.

Discuss This Question: 2  Replies

  • TomLiotta
    IMO, the impact will depend on content of upcoming reports and their followups. The reports need to be publicized. Without appropriations and clear legal directions, little will be accomplished. Appropriate publicity will be required to get matching appropriate Congressional action. For now, we can only wait and see. -- Tom
  • TomLiotta
    There doesn't appear to be anything in the Executive Order that can alter or add to any compliance burden. However, there is indeed a probability that added compliance regulations will come out of any legislation that might follow based on reports that were ordered. And there would be little compliance burden at all if 'critical infrastructure' was not seriously vulnerable. The combination of vulnerabilities, motivations to exploit them and serious risk to life and property when exploits are effected argues in favor of additional compliance efforts. -- Tom
