(Via Ars Technica)

There’s a new report out on US cyber security(PDF)

It’s a big-ass problem:

a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights.

Yikes. So how does the government feel about this?

Leadership should be elevated and strongly anchored within the White House to provide direction, coordinate action, and achieve results. In addition, federal leadership and accountability for cybersecurity should be strengthened.

OK, good. I’m glad to hear that, because the last guy wasn’t really up on this stuff. He had this guy named Richard Clarke, remember? Right before 9/11 he got politely demoted for making a nuisance of himself by whining about a group called Al Qaeda. He asked to go to cyber-security, but wasn’t in the National Security Council anymore because oldster politicians think computers suck and wish they’d just go away.

So cool — glad that we’ve got someone in the White House who cares about keeping computers safe so that it’s easier for computers to Run All the Things of Man. Now that we’re down with cybersecurity, what are we going to do about it?

Well here’s an action plan from p. 8:

• Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
• Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.
• Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
• Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
• Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.
• Initiate a national public awareness and education campaign to promote cybersecurity.
• Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
• Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement
• In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
• Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Ambitious — especially the public awareness campaign. How should they go about doing that? My vote is for a public viewing of the movie Hackers in every city.