Blog Articles

Has the White House's cybersecurity plan been effective?

Following a series of high-profile cyberattacks on large U.S. businesses in 2013, President Barack Obama released an official plan for addressing and improving digital security in the country. The New York Times noted that it had raised public and private interest in the vulnerabilities of servers when it was hacked in 2013. Following research and reporting related to the issue, The Times also found that many other U.S. companies had not only recently been targeted by hackers but that many of the attacks came from the same group - a Chinese cyberwarfare division.

One of the enduring problems in the cybersecurity realm has been international attacks

The plan
The Obama administration issued an official report in 2013 that outlined some of the current cybersecurity issues of the time, along with presenting the five areas of focus for developing stronger security practices. The five points put forth in the report are diplomatic efforts to reduce cybercrime, the promotion of voluntary best practices, enhancing law enforcement efforts, improving legislation and increasing public knowledge and outreach efforts for stakeholders.

There's little doubt the administration has put plenty of resources toward developing public knowledge and improving outreach. President Obama has been an outspoken public advocate of increased awareness in the field, appearing at events to discuss cybersecurity and advocating for legislation as well. Similarly, many companies are now using stronger, more robust cybersecurity measures to protect their own interests.

"Issues within the original scope of the report - foreign attacks and the illegal acquisition of trade secrets - remain a problem."


Areas that need improvement
The Times spoke with with James A. Lewis, a cybersecurity authority who works at Washington, D.C.'s Center for Strategic and International Studies, about the administration's successes and failures related to the plan. While some areas have seen progress, there are still plenty of issues specifically around foreign attacks on U.S. government and private business servers.

"There hasn't been any change," Lewis told The Times. "There's a lot more we can do. But we haven't reached our pain point for taking more drastic steps on cyberespionage, and the Chinese haven't reached their pain point for stopping it."

While there has been increased attention as of late related to the more general concept of cybersecurity, issues within the original scope of the report - foreign attacks and the illegal acquisition of trade secrets - remain a problem. One issue with foreign cyberespionage specifically is the lack of U.S. jurisdiction in other countries. The Times highlighted the indictment of five Chinese citizens in 2014, but also noted that the action was largely symbolic. Unless foreign governments cooperate with their American counterpart, it's extremely difficult for U.S. authorities to successfully prosecute hackers from other countries.

A broadening of scope
It's interesting to note that the report, officially titled "Administration Strategy of Mitigating the Theft of U.S. Trade Secrets" was focused specifically on trade secrets and mostly discussed hacking in terms of protecting such highly sensitive information. Of course, the current atmosphere around cybersecurity issues has extended beyond trade secrets to include all of the data stored in business servers, including financial data and personal information about both staff and customers. The current pair of cybersecurity bills working their way through the legislative process and endorsed by the Obama administration reflect this broader spectrum.

Going forward
Despite the significant level of additional effort put forth by the federal government since 2013, the onus is still on individual businesses to do much of the work of protecting their own sensitive data. Increased legal protections and awareness-raising efforts are probable in the future, but organizations have to take a proactive role in securing their own servers and defending against malicious attacks originating domestically and abroad.


Back to Cyber Security | Back to All Categories