Cyber Security Initiatives – Our Last Six Presidents’ Policies and Progress on Cyber Security
President’s Day is a federal holiday that celebrates the birthdays former US Presidents George Washington and Abraham Lincoln. Many understand it as a day to honor all U.S. presidents. of the first President of the United States, George Washington. Obviously, Washington or Lincoln never had to deal with cyber security issues. And it really hasn’t been until number 40, that the United States began to seriously deal with internal protections and international policy to handle cyber security issues.
Donald Trump, 45th US President
In November 2018, President Donald Trump signed a bill creating a new cybersecurity branch called the Cybersecurity and Infrastructure Security Agency (CISA). The new CISA was out on the same level as other Department of Homeland Security (DHS) units such as Secret Service or the Federal Emergency Management Agency. The mission of CISA is to defend critical infrastructure against cyber security threats. CISA operates the National Cybersecurity and Communications Integration Center (NCCIC) which provides cyber security awareness, analysis, incident response, and cyber security defense capabilities.
During Trump’s tenure some of the largest cyber security breeches occurred including the Equifax data breach that affected 143 million US citizens, as well as Uber and Delta Airlines.
Barack Obama, 44th US President
One of the biggest accomplishments for the Obama administration was a September 2015 agreement between Obama and Chinese President Xi Jinping to end commercial hacking by the Chinese. Prior to that agreement, FBI Director James Comey stated there are “two kinds of big companies in the United States … those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.” Chinese corporate hacking dropped dramatically after the agreement.
Other Obama era accomplishments include:
- The National Institute of Standards and Technology (NIST) established a set of cyber security best practices widely adopted by the private sector
- The Defense Department established the US Cyber Command staffed by more than 6,000
- The US State Department established peacetime policies with other countries for applications of cyber security international law
- The US Treasury Department developed a set of cyber security specific sanctions for cyber crimes
Although there was an impressive amount of new policies and governmental structure, not much real improvement was evident during the administration. The administration suffered email breaches at State Department, the Joint Chiefs of Staff and even at the Whitehouse itself. As Obama’s time in office wound down, the Presidential election was marred by cyber security data breaches ordered by Russian President Vladimir Putin to help undermine Presidential candidate Hillary Clinton.
George W. Bush, 43rd US President
In January 2008 National Security Presidential Directive 54 (NSPD 54) was issued by George W Bush along with Homeland Security Presidential Directive 23 (HSPD 23.) The joint NSPD 54/HSPD 23 authorized DHS to set minimum operational standards for Federal Executive Branch civilian networks and empowered DHS to lead and coordinate a national cybersecurity effort. NSPD 54/HSPD 23 also contains the Comprehensive National Cybersecurity Initiative CNCI the details of which were released as twelve initiatives later in 2009.
Bill Clinton, 42nd US President
President Bill Clinton issued Presidential Decision Directive 63 in August 1998. The Directive addressed the need to protect physical and cyber based systems that are essential to operations of the national economy and government. Essential sectors identified in the Directive 63 included telecommunications, energy, banking and finance, transportation, water systems, and emergency services. Presidential Decision Directive 63 also called for representatives of the private sector in the development of infrastructure assurance plans.
George H. W. Bush, 41st US President
National Security Presidential Directive 38 (NSPD 38), known as the National Strategy to Secure Cyberspace, was a classified directive issued on July 7, 2004. The contents of this NSPD 38 were never made public. Interestingly, the Whitehouse released a second document which was also titled the National Strategy to Secure Cyberspace. NSPD 38 laid out five cyber security priorities:
- A National Cyberspace Security Response System
- A National Cyberspace Security Threat and Vulnerability Reduction Program
- A National Cyberspace Security Awareness and Training Program
- Securing Governments’ Cyberspace
- National Security and International Cyberspace Security Cooperation
Ronald Reagan, 40th US President
National Security Decision Directive 145 (NSDD 145) was issued by President Reagan in 1984. NSDD 145 gave the NSA control over all government computer systems containing “sensitive but unclassified” information. In 1987 Congress passed the Computer Security Act (CSA) which affirmed that the NIST was responsible for the security of unclassified, non-military government computer systems.