What you need to know about a new cybersecurity policy
New York’s top cybersecurity official is urging the federal government to create a cybersecurity policy that can serve as a roadmap for the private sector and federal employees.
In a letter to Secretary of Homeland Security Jeh Johnson, Peter Smith, deputy secretary of homeland security, said the government has a “unique set of opportunities” in the cybersecurity arena, and that the cybersecurity policy should provide guidance to businesses and the public.
The policy should be open to public comment, Smith wrote, and should include policies on cybersecurity risks, threat mitigation, and cybersecurity readiness.
Smith also urged Johnson to consider how to “reduce the risk that your department and your agency are perceived to be acting in bad faith or recklessly,” and to encourage companies to “take the time to learn about cybersecurity threats and develop appropriate security systems and policies.”
Smith has long been critical of the Obama administration’s cybersecurity strategy, which he says is focused on “deregulating” the government and private sector, and is a “dreadful echo” of the Bush administration’s post-9/11 approach.
“We have to start again from scratch, and we have to stop talking about this,” Smith said in an interview.
“If you want to be a part of this country, you have to be able to build a real cybersecurity program.”
The Obama administration is also grappling with its first cybersecurity crisis since 2009, when a Chinese military cyber attack crippled a major U.S. corporation and killed nearly a million people.
Smith, who has served as the U.K.’s top cybersecurity czar for five years, is also concerned about the way the U