President-elect Barack Obama should create a new White House office to protect cyberspace from hackers, thieves and foreign agents, coordinating security efforts across U.S. military, intelligence and civilian agencies, according to a new report from a panel of leading government and industry experts.
The report, expected to be made public Monday on Capitol Hill, also urges Obama's new administration and Congress to pass new laws to allow for speedier investigations — and in some cases quicker retaliation once intruders are identified. It proposed online "data warrants," for example, rather than traditional search warrants, which it said "may be increasingly impracticable in the online environment."
Chances are good Obama will be receptive to many of the proposals: At least five members of the panel that produced the report also are working for his presidential transition team. They include former White House official Paul Kurtz, advising Obama on national security matters, and Obama technology advisers Dan Chenok and Bruce McConnell.
"Responding to a cyber attack is a tough issue," said James Lewis of the Center for Strategic and International Studies, a Washington-based think-tank that organized the commission. "Do operators respond with law enforcement, espionage or military actions? The guidelines are really unclear. The rules designed in the 1980s are slow, and the Internet is fast."
The proposals by the Commission on Cybersecurity for the 44th Presidency were being delivered to Capitol Hill during a period of increasing exasperation within the U.S. government over embarrassing computer break-ins at the Pentagon, White House, State Department, Commerce Department and elsewhere that have been traced in recent years across foreign borders, notably to Russia and China.
The report urges the Obama administration to make clear to America's enemies and allies how it will respond when it detects and traces such attacks, depending on whether break-ins are blamed on hackers, criminals or foreign governments. U.S. options could include trade or financial sanctions or military attacks.
"We have to have a solid cyber doctrine," said Jerry Dixon, former deputy director for the U.S. National Cyber Security Division at the Homeland Security Department. "When does a cyber attack rise to the occasion of requiring military action? Or maybe it's something that law enforcement or the intelligence community can deal with?"
It was unclear how the commission's new recommendations will compare with the Bush administration's proposals because President Bush chose to classify as secret most provisions of his cyber initiative, which was launched late in his second term. Bush's plans have included reducing the number of the government's Internet junctions to minimize the number of targets for attackers and monitoring federal Internet traffic more aggressively under a surveillance program it calls "Einstein."