“Right now we are not as well organized as we need to be to make sure we’re dealing with all these threats.” That was President Barack Obama from the Oval Office on Wednesday, as he announced the two co-chairs of a commission tasked with making recommendations to address the state of the nation’s cyber security.
He did not respond to requests to comment on a judge’s recent order that Apple hack an iPhone used by the San Bernardino shooters. The FBI has determined the phone may have important intelligence information, but Apple’s CEO Tim Cook responded forcefully, calling the demand “unprecedented” and vowing to fight the order.
Obama’s comments followed the debut of his National Security Action Plan last week. The plan would use the additional $5 billion the president requested for cyber security in his annual budget to finally nix some of the older “legacy” systems still in use by the federal government and create the position of a new Chief Information Security who will be responsible for ensuring progress across the board.
But considering privacy advocates have already begun protesting the idea that Apple would cooperate with the FBI, it’s clear that one of the biggest obstacles the country faces in addressing cyber security is a lack of consensus on what doing so actually entails.
Both congressional and executive action on cyber security has been surprisingly limited in recent years, despite increased acknowledgement that the country is at risk both from hacks that take huge amounts of private and government data, as well as those that threaten the lives of citizens by derailing major systems like the power grid.
The most wide-reaching action occurred at the end of last year when Congress approved the Cyber Security Information Act that increased information sharing between law enforcement, national security, and private companies. But even this bill was seriously controversial and only passed after several groups that had promised to oppose similar measures including Silicon Valley firms and President Obama ended up supporting it.
So we’re as divided about diagnosing the actual problem as we are about solving it. Do private companies share too much information with the federal government or too little? Should the federal government boost cybersecurity requirements for the private sector or get out of the way and take care of itself, while letting companies do the same?
The new leaders of the commission Obama appointed on Wednesday represent his attempt to meld national and private concerns over cyber security: Tom Donilon served as a National Security Advisor in President Obama’s own Administration, and Sam Palmisano is a former president and CEO of IBM.
The commission will produce a report by December of this year. It is perhaps the president’s last chance to prevent any fragile coalition of private sector and national security folks that still exists from splintering further. The issue has become all the more pressing for President Obama as he prepares to hand over the nation’s defenses to a new president who may not share his views on balancing the dual concerns of privacy and security.
A balanced report that takes into account both perspectives could begin to meld the current divide even as it seems poised to widen into an insurmountable gulf, as Apple, Google, and others draw their hardest lines yet.
The timing could not be more crucial as the battle over giving the government a “backdoor” into encrypted communications comes to a head during election season. Nothing could be more damaging to the relationship between the national security apparatus and the private sector than a resolution of this issue that doesn’t seriously address the concerns of both sides.
As Obama emphasized in his Wednesday remarks, the country needs a cyber security strategy that can last beyond his term or even the term of the next president. These issues will become only more important as the digital world continues to subsume more parts of our everyday lives. As is often the case with Obama, the underlying message is simple: We’re better than this.