A letter to President Obama

Too long has the United States government struggled with the safe deployment of new technologies

Dear President Obama:

By the time you read this, you will be the president-elect of the United States of America. I am writing to alert you to the serious action that is required to secure the information systems of the country that you will soon lead. To say that the US government computing infrastructure, in all of its various branches, departments, and offices, is vulnerable is an understatement. While the GAO and OMB have been doing what they can to push security, they are facing staunch resistance to change.

Anyone in the private sector who has tried to implement change in security practices has encountered the resistance that is now in evidence within your government. Only through executive dictate can real change happen.

Here are my ten suggestions for immediate action to secure the United States against the threat of espionage, random attacks, terrorist attacks against cyber infrastructure, and all-out cyber warfare.

1. Immediately issue a Presidential order that establishes responsibility for cyber security with real negative repercussions for those who fail to prevent breaches. For civilians this means being fired; for the military this means court-martial, demotion, and expulsion for serious security breaches. Do not allow the blame to be foisted off on contractors. The only way that security gets implemented is if someone's job is on the line. This goes all the way to the top, of course. Whoever you appoint to replace the current Assistant Secretary for Cyber Security and Communications must understand that security breaches imply failure and those responsible will be replaced.

2. While the National Institute of Standards and Technology (NIST) has been responsible for security standards and has created some great documents, it is a stretch to try to make the entire government comply with them during your term as President. Those responsible for locking down government networks and defending data will need to be empowered with a set of strict rules. These rules should include:

I. All access must be explicitly authorized.

II. All users must be identified and strongly authenticated.

III. All applications must be reviewed for security vulnerabilities.

IV. All network-attached systems must be scanned for vulnerabilities on a schedule.

V. All network connections must be firewalled.

VI. All firewalls must be configured to "deny all except that which is explicitly allowed".

VII. All government networks must be mapped and understood.

VIII. All data needs to be encrypted at rest.

IX. All communication links need to be encrypted.

X. All intrusions need to be aggressively analyzed and appropriate responses executed.

3. Empower OMB to withhold funding from any agency that does not comply with 1. and 2. in a timely manner (less than 6 months).

4. Decentralize security management. One person cannot be effective in overseeing a cyber security policy. Security is everyone's responsibility and the system should motivate responsible individuals to take action.

5. Fix the DHS information sharing capability by learning from the recent advance of social networking that helped fund your campaign. Getting members of law enforcement to collaborate effectively is not a task that can be accomplished by rolling out a quick-fix technology. In a secure environment, individuals could find the most effective ways to communicate and share critical information.

6. Do not confuse security awareness campaigns with actual security improvements. The time, effort, and money that are spent on publicity campaigns could be better allocated to securing government networks.


Richard Stiennon

Network World