Light Dark
March 23, 2015 By Rick M Robinson 3 min read
Government

The Obama administration has been the first to face the foreign policy and national security challenges of what may be called the modern age of cyberthreats and cybersecurity.

To put the pace of developments in context, the first revelation of the Stuxnet cyberweapon, believed to have crippled thousands of Iranian nuclear centrifuges, came in the summer of 2010, a year and a half after President Barack Obama took office. From a different perspective, the first iPad was released that same spring, helping to launch the modern era of mobile devices.

This is not to say that earlier developments in cybersecurity and foreign policy do not have a continuing impact. For example, as noted by Rob Price at Business Insider, the recently discovered FREAK encryption vulnerability has its roots in restrictions on exports of encryption technology that date back to the 1990s. Likewise, foreign policy decisions being made today may have an effect decades down the road, which provides all the more reason to give these policies the closest attention.

Foreign Policy in a World Without Borders

In response to emerging threats and challenges, the Obama administration has launched a wide-ranging response designed to enhance America’s cybersecurity. The foreign policy section of the White House website lists the following top five administration priorities:

  1. Protect critical infrastructure.
  2. Improve cyber incident reporting.
  3. Engage with international partners to protect the Internet.
  4. Secure federal networks.
  5. Build a security-savvy workforce by working with the private sector.

It has often been said that the Internet has no borders, and the administration’s priorities are a vivid demonstration of this fact. Of the five priorities listed, only the third is specific to the traditional role of the State Department and its diplomatic corps. As the fifth priority implies, even the lines between the government and private sector are blurred in this cyber age.

The White House also lists the following five principles that guide its cybersecurity initiatives:

  1. Whole-of-government approach;
  2. Network defense first;
  3. Protection of privacy and civil liberties;
  4. Public-private collaboration;
  5. International cooperation and engagement.

Again, only one of the five points specifically addresses the State Department, underlining the scope of cybersecurity and its independence from traditional borders. However, diplomats will still have their work cut out for them as they deal with different laws related to cybersecurity in other countries.

The principles also reiterate the crucial importance of protecting the nation’s vital infrastructure, the first in the list of priorities. As the Internet of Things emerges, this challenge will only grow — and rapidly.

For Businesses, a Call to Move Beyond Passwords

Meanwhile, for business leaders, the White House’s perspective on cybersecurity and foreign policy has specific implications that go well beyond a general call for partnership and collaboration.

The fifth priority — building a cyber-savvy workforce — also makes a particular reference to moving beyond passwords. This is a highly specific call to action that anyone involved in business cybersecurity can eagerly endorse. Passwords have emerged as perhaps the single greatest Achilles’ heel of business and everyone else’s cybersecurity. Employees and customers tend to prefer passwords such as “12345” that are easy to remember — and easy to crack. Organizations can insist their employees choose strong passwords, but this is much harder to enforce with customers, who can simply take their business elsewhere.

However, even the strongest passwords remain vulnerable to phishing attacks that trick users into revealing them. Moreover, in the age of big data and enormous traffic volume, even today’s strong passwords may prove all too vulnerable to systematic and relentless attacks.

Two-factor authentication is one improvement, but a full solution to the password challenge remains elusive. All the same, success in moving beyond passwords would be a foreign policy triumph felt directly by businesses everywhere.

 |  |  | 
Rick M Robinson

More from Government
April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

January 25, 2024

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

December 28, 2023

Roundup: Federal action that shaped cybersecurity in 2023

3 min read - As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.New White House cybersecurity strategyThe White House’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature