A US National Cybersecurity Strategy?

Well, it seems that Rudy Giuliani is preparing a strategy for protecting the United States from cyber-attacks. What exactly will this mean?

After all, this isn't the first time the US Government's tried this. So what's different this time?

Well, various new outlets are reporting that there'll be more of an emphasis on protecting critical infrastructure, for one thing. Perhaps this means that the federal government will take a more proactive stance in securing these kinds of infrastructural systems - things like voting systems or utilities, for example.

This may be possible, but I honestly don't see this being a smooth road. Voting systems are run by individual states, and they may very well be amenable to more federal involvement. Utilities, on the other hand, are in many cases commercial (though tightly regulated) companies. These companies have shareholders, they have IT staff, and they already have cybersecurity teams.

Now that staff and those teams may very well be over-extended, certainly. Even if they are, I don't expect they'll be happy about federal governmental involvement in day-to-day operations. I expect they'll even be less happy about an audit based or penetration testing-centric approach. Utilities operate on narrow magins. I don't expect they'll be thrilled about anything that might cut into those margins. And if anything does, I presume they'll pass the overages onto ratepayers.

This essential problem exists anywhere the federal government tries to improve national cybersecurity. Our internet backbone is operated by large, corporate ISPs after all — do you really think that Comcast will let the federal government interfere with network operations? Or Google? Or Amazon?

No chance.

Our current computational infrastructure is managed by commercial companies, not the government. And momentum in the new administration is not toward more government involvement, after all — look at what's been happening with the FCC and net neutrality. Seems to me, personally, that Mr. Giuliani really has his work cut out for him — I wish him luck.

It seems the federal government is getting serious about cyber. Again. Let's hope we can do a better job this time — we certainly need to.