Analysis: White House plan moves cyber forward

Monday - 5/23/2011, 10:08am EDT

Jim Lewis, senior fellow for technology and public policy, CSIS

Click below to hear the interview

Download mp3

By Andrew Mitchell
Federal News Radio

The Obama administration is on the right course in redefining America's cybersecurity policy.

So says Jim Lewis, senior fellow for technology and public policy at the Center for Strategic and International Studies.

He told Federal News Radio's Tom Temin and Amy Morris that the recent slew of cyber initiatives and proposals coming from the administration are part of "a real effort to redefine the policies we've been following in cybersecurity for about 15 years, which haven't worked very well."

"So you've got a new approach laid out," he said.

The administration has recently issued a legislative proposal, a document on identity in cyberspace and a paper on its approach to international cybersecurity.

In an interview on Monday's Federal Drive, Lewis gave high marks to the president's legislative proposal, which he said contains "lots of details and new approaches towards regulation" and which he called "very helpful."

The legislative proposal addresses the cybersecurity of federal networks and critical infrastructure in the private sector.

Lewis said that the president's proposal has many similarities with a bill now being worked on by Senate Majority Leader Harry Reid (D-Nev.). He predicted that cyber legislation might pass in the Senate "maybe before the summer recess, certainly by early fall."

What happens in the House with such legislation is an entirely different matter, according to Lewis. He predicted "some messy negotiations towards the end of the year."

Lewis praised the administration for its approach to cyber threats. He said it allowed the private sector to take the lead in defining what measures might be necessary to stay ahead of threats in cyberspace.

"They made a real effort to come up with a flexible approach to letting the companies set the standards and then having the government enforce company compliance with those standards," he said. "It's a new way to regulate, and it's not a bad idea.

"If it works, it will provide that flexibility we're hoping for.

"So, everyone has gotten the message: no prescriptive regulation, which is different than saying no regulation.

"I think the shift that's been interesting to me is that you now hear people who were even in the previous administration saying, yeah, it's time to regulate, at least for some things.

"So we'll see if it works, but it's a good try."

As for the administration's National Strategy for Trusted Identities in Cyberspace, or NSTIC, Lewis sees it as the one part of the president's approach "that's going to be troublesome."

Lewis said that previous attempts to define a national cyberidentity strategy have fallen short and that this task "may be a little difficult to pull off."

"Identity strategy" in this context refers to the ability of online users to know for certain that they are actually dealing with the party they think they're interacting with. This is particularly important, for example, in the case of online banking. Customers must know without a doubt that they are conducting a transaction with a certain bank and not with a counterfeit website.

As for the White House's international cyber strategy, Lewis said "a lot of people are very happy" with it.

The International Strategy for Cyberspace declares that "the United States will respond to hostile acts in cyberspace as we would to any other threat to our country."

"Other countries will know what that means," Lewis said. "It means we will use all necessary means, including offensive action, to defend our interests... A lot of people are happy with that declaratory policy and that new strategy."

(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)