Enterprise Strategy Group | Getting to the bigger truth.TM

Cyber-Security – When?

That’s what Jonny Oltsik is asking in his article on CBSnews.com.

Jon tells us that while the administration promised this would be a top priority, we haven’t seen diddly yet.

He contends that the most pressing issues facing the newly (if ever) appointed Cyber Czar will be:
• Emergency response
According to a GAO report of May 25, 2009 titled “Cybersecurity, Continued Federal Efforts are Needed to Protect Critical Systems and Information,” the Department of Homeland Security (DHS) and US-CERT have a number of major problems. The report states, “without fully implementing the key attributes, US-CERT did not have the full complement of cyber analysis and warning capabilities essential to effectively perform its national mission.” Translation: If we have a major cyber security attack we could be in big trouble. This situation must be fixed immediately.

• Train the public
Let’s face it – most people who own a computer have little knowledge about security risks or best practices. Ultimately this ignorance puts our country at risk. Why? User identities get stolen and PCs turn into zombies as part of global botnets capable of attacking critical assets. We need a “Smokey the Bear” like public awareness campaign accompanied by real training programs spanning K-12, college, and continuing education.

• Champion a National ID program
Europe is way ahead on this front – Americans are extremely paranoid about privacy and “Big Brother.” Nevertheless, a national ID could improve security and have peripheral benefits in healthcare information sharing, e-government programs, etc. Yes, it’s a political hot potato which is why a political appointee like the Cyber security Coordinator should champion this cause.

• Act as a cyber security watchdog
Cyber security programs are in constant danger of being co-opted by DOD and NSA which is sure to alienate the private sector. The cyber security coordinator needs to balance military skills with civilian requirements. Additionally, the cyber security coordinator needs to protect cyber security from fat-cat politicians who look to steer cyber security dollars toward pork barrel projects. Someone needs to call these guys to task if they stick their hands out.

• Fix the cyber security personnel problem
Think that the Federal government can attract the best and brightest cyber security professionals? Think again. According to a recent report published by the Partnership for Public Service, the Federal government is way behind in IT skills development, recruiting, and competing for talent with the private sector. Lacking security professionals the Feds turn cyber security programs over to expensive government integrators at the taxpayer’s expense. The new Cyber security Coordinator must work with the Office of Personnel Management and other agencies to streamline recruiting, fund college cyber security curriculums, bolster training, and develop career paths.

• Push through FISMA 2.0
The Federal Information Security Management Act (FISMA) of 2002 is a dinosaur that doesn’t work. At the same time, an alternative dubbed FISMA 2.0 is moving through Congress at a snail’s pace. The cyber security coordinator needs to get in Congress’s face to wrap this up by the end of the year.

• Push for Federal data privacy standards
As of this writing, there are 45 U.S. States and territories with varying data privacy laws not to mention Federal statutes like GLBA, HIPAA, and SOX. It is extremely cumbersome and expensive for organizations to interpret these laws, develop controls, and prepare for audits. The Cyber security coordinator should work with legislators like Senator Dianne Feinstein (D-CA) to supersede these tactical laws with overarching Federal privacy legislation.

• Lobby for security compliance incentives for the private sector
The private sector is fed up with new regulation and mandates that carry lots of cost and no rewards. The cyber security coordinator needs to work with Congress to create compliance incentives like tax credits or priority status for new Federal contracts. More carrot, less stick.

• Unify cyber security communications
Unless you’ve spent years in the federal Government, you probably can’t make heads-or-tails of all of the cyber security programs, agencies, and acronyms. Cyber security federal-speak is simply ignored by the time-constrained private sector. The cyber security coordinator needs to unify communications, simplify programs, and get the private sector on board with federal initiatives.

• Become the cyber security face of the United States to the rest of the world
The cyber security coordinator must push for law enforcement standards and cooperation with other nations around the world.

I, for one, will be happy when it finally happens – but am mortified that it still hasn’t. This is not an “American” thing – this is a global issue that negatively impacts individuals, businesses, governments, and other entities daily – and not something we should be screwing around with. Fix it – even if imperfect. Taking no action is worse than taking wrong action, IMHO.
