The National Security Cyberspace Institute has released a report that examines the White House record on cybersecurity policy over the last two years.
The grades earned by the Obama administration are mediocre at best, and certainly do not live up to the current challenges facing national cybersecurity in the wake of Aurora, Stuxnet, and WikiLeaks.
The report is based on evaluation of the progress made on initiatives set forth in the 60-Day Cyberspace Policy Review, commonly referred to as the "Hathaway Report".
The institute issued standard letter grades on ten categories of security initiatives, and provided strong rational or their determinations on each item.
"Although we acknowledge the degree of difficulty involved in achieving a 'A' grade, we also should note how hard it would be to score an 'F.' Only a complete disregard of the recommendation would have resulted in a failing grade," the report states.
"We awarded grades solely on our view of actual progress – not on good intentions, flowery rhetoric, the number of meetings held, commissions commissioned, or number of times administration officials have mentioned the word 'cyber'."
The following is a brief summary of the initiatives and the corresponding grade issued in the report:
1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities. Grade: D
2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. Grade: D
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics. Grade: B
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate. Grade: C
5. Conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government. Grade: B
6. Initiate a national awareness and education campaign to promote cybersecurity. Grade: B
7. Develop an international cybersecurity policy framework and strengthen our international partnerships. Grade: B
8. Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships. Grade: C
9. Develop a framework for research and development strategies that focus on gamechanging technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure. Grade: C
10. Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation. Grade: C
The full report, with detailed explanations of the initiatives and the factors that led the institute to arrive at the final grade can be found here: