DELUSIONS OF ADEQUACY: WHY PRESIDENTIAL POLICY DIRECTIVE 41 FALLS SHORT

Delusions of Adequacy

President Obama’s recent policy directive on cybersecurity was eight years in the making. Unfortunately, its proposed actions are barely adequate to the massive task of defending against the onslaught of daily cyber attacks on U.S. companies and Government agencies.

The new document, Presidential Policy Directive 41, is supposed to improve government and private-sector coordination in dealing with major cyberattacks. Among other things, the directive lays out which agencies will handle tasks related to a major cyber breach.

For example, the FBI gets tasked with conducting breach investigations, while DHS has the lead for providing “technical assistance” to breach victims “to protect their assets, mitigate Vulnerabilities, and reduce impacts of cyber incidents.”

The White House’s office of the Director of National Intelligence takes the lead for “intelligence support and related activities.” And of course there will be lots of “coordination” among these agencies through a newly set up Cyber Unified Coordination Group.

New Color Scheme for Cyberattacks

In addition to the directive, the administration released a five-level cyber incident severity schema, setting up a common framework for assessing the severity of cyber attacks, similar to the DHS’s national terrorism advisory system threat-level matrix. There is an attractive color pallet of white, green, yellow, orange, red, and black to categorize everything from an “inconsequential event” to a cyber event that “poses an imminent threat” to critical infrastructure, federal government stability, or to the lives of U.S. citizens.

Unfortunately, the U.S. government has zero credibility when it comes to establishing effective policies and procedures on cybersecurity. Just look at the number and scope of federal agency breaches over the last few years – the Office of Personnel Management, the Internal Revenue Service (twice), the State Department, the U.S. Postal Service, the Department of Commerce, and the Federal Deposit Insurance Corp, not to mention the recent Democratic National Committee email hack and Hillary Clinton’s questionable handling of government email while she was secretary of state.

While highly regulated industries must provide strong data security or face government fines or other regulatory action, no one is keeping the government itself honest; no one is threatening the government with fines or any other actions. Accountability forces the private sector to be proactive about data security, but the government can do anything it wants.

Securing Data Before It Is Breached

But the directive and schemata beg the question: What are you going to do to secure your data before it is breached?

This directive does nothing to help CIOs, whether in the government or in the private sector, prevent these breaches in the first place. The guidelines are too focused on what to do after an attack – there is no mention of any type of preventative measures improving user behavior.

Instead, public and private entities should be asking: What kind of sensitive data do we have, and who needs to access it? What is our plan for controlling who has access to data? What are more secure ways people can share this sensitive data other than email? Does our current security plan have provisions for data at rest and data in motion?

Most companies have strong protection of data at rest when it is stored on their servers. But when data is in motion, within the company or to outside individuals or vendors, protections are often weak. The weak link in your data security plan is when data is in motion and/or outside of your control.

Instead of expecting the federal government to do something, it is up to the private sector to take action to protect data at rest and in motion before the data is stolen by cyber criminals or nation-states.

By Daren Glenister

Shells.com – Your Personal Cloud Computer

Shells.com – Your Personal Cloud Computer

Personal Cloud Computer Shells, a robust virtual desktop infrastructure, ensures better performance by enabling its users to incorporate a layer of virtualization between the control server and any device that they choose. This way, it ...
Mark Rochester

Why Remote Migrations are Essential for Business Continuity

Remote Business Continuity We are approaching a banner year for the cloud. The COVID-19 pandemic has highlighted the importance of cloud technology to enable resilience and business continuity, and it will be a critical time ...
Rick Braddy

The Secrets to Achieving Cloud File Storage Performance Goals

Storage Performance with Cost Reduction By 2025, according to Gartner, 80 percent of enterprises will shut down their traditional data centers. As of 2019, 10 percent have already shifted their data centers and storage to ...
Simplifying and Streamlining Cloud Management with AI

Simplifying and Streamlining Cloud Management with AI

AI Cloud Management Software with artificial intelligence capabilities layered with cloud computing can allow businesses to improve their data management, visualize insights that represent patterns in information, deliver a better customer experience, and optimize their ...
Scott Leatherman

Beware the Perils of Blind Cloud Provisioning

The COVID-19 Rush to the Cloud Results in Steep Costs and Chaos For many companies, their data center capacity was not built for the instant tsunami-sized jolt of increased load caused by the global pandemic ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.