America has failed for too long to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to press for action.
Surrounded by a slew of government officials, aides and corporate executives, Obama said the U.S. has reached a "transformational moment" when computer networks are probed and attacked millions of times a day.
"It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation," Obama said, adding, "We're not as prepared as we should be, as a government or as a country."
He said he will soon pick the person he wants to head a new White House office of cyber security, and that person will report to the National Security Council and the National Economic Council — a nod to his contention that the country's economic prosperity depends on cybersecurity.
While the coordinator's exact title has not yet been decided, Obama addressed concerns that the person might not have the budgetary and policy-making authority needed to force change. The coordinator, he said, will have "regular access to me."
As many as a half dozen candidates — from the public and private sector — are being considered for the post, according to officials familiar with the discussions.
Obama's announcement comes as the Pentagon is poised to create a new cyber command to improve protection of military networks and coordinate its offensive and defensive cyber missions.
Government officials have grown increasingly alarmed as U.S. computer networks are constantly assailed by attacks and scams, ranging from nuisance hacking to more nefarious probes and attacks, including suspicions of cyber espionage by other nations, such as China. Officials earlier this year revealed there was an attack against the electrical grid, and computers at the Pentagon were infected by a virus.
Even the president was a victim.
Obama said his presidential campaign's own computer system was attacked last year, and hackers gained access to e-mails and filed, but not to contributors or financial information.
"It was a powerful reminder: In this Information Age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities," said Obama.
Laying out a broad five-point plan, the president said the U.S. must provide the education required to keep pace with technology and attract and retain a cyber-savvy work force. He called for a new education campaign to raise public awareness of the challenges and threats related to cyber security.
The newly interconnected world offers great promise, but it also presents significant peril, the president said, declaring: "Cyberspace is real, and so are the risks that comes with it."
He assured the business community, however, that the government will not dictate how private industry should tighten digital defenses. And he made it clear that the new cyber security effort will not involve any monitoring of private networks or individual e-mail accounts.
The Internet, he said, should remain open and free.
Corporate leaders and cyber experts, however, say they are concerned that the new coordinator will not wield enough power to force reluctant government agencies to put aside turf wars or dictate how they spend the millions of dollars the U.S. pours into its digital budgets.
"I expect that a position that has a lesser role, that doesn't have budget authority, that is reporting up through the NEC, would probably not result in the kinds of changes that really need to be made," said Gene Spafford, computer security expert and professor at Purdue University, where candidate Obama first pledged last year to make cyber a priority.
Obama said the coordinator will work with the Office of Management and Budget to ensure that agencies reflect the spending priorities needed.
Overall, computer company executives and members of Congress hailed Obama's announcement as a good first step, while warning that there is much hard work still to be done.
"Because the private sector owns and operates the vast majority of our nation's critical infrastructure, government and business have a shared responsibility to defend our networks," said Ann Beauchesne, vice president of national security at the U.S. Chamber of Commerce.