I started my high tech career in 1987, when I arrived at EMC fresh out of business school. The CEO at that time was Richard Egan, the “E” in EMC. At each quarterly meeting, Mr. Egan would get up in front of the entire company, review the quarterly objective he had set forth for the company at the previous meeting, and grade the company on its ability to meet stated goals. This review kept the company focused on metrics and accountable for its stated objectives.
When I watched the President’s State of the Union speech earlier this week, I expected a similar type of review and status update on cybersecurity. After all, President Obama highlighted cybersecurity in his 2013 State of the Union when he stated:
“America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.”
This year? No Dick Eganesque review at all – I was quite surprised when the President said absolutely nothing on the topic. Zero, zilch, nada – you get my point, the President totally dissed cybersecurity!
Now I certainly get the fact that the President has a big job and critical issues come and go. That said however, I for one am still angry. Mr. Obama ignored cybersecurity in spite of the biggest breach of a U.S. retailer in history. The President gave cybersecurity the Heisman even though he campaigned on addressing cybersecurity issues way back in 2008. And the president blew off cybersecurity, even though he himself clearly stated in last year’s State of the Union speech, “we cannot look back a year from now and wonder why we did nothing in the face of real threats to our security and our economy.” In lieu of looking back and wondering, I guess it is okay to simply ignore the issue entirely a year later.
Personally, I am pissed off that the President didn’t follow through, but I also think he missed an opportunity here because:
· People are truly concerned. Let’s face it, if 2013 didn’t give you a cybersecurity scare (what with the NY Times, Edward Snowden, South Korea, Target, etc.), nothing will. After a year of press headlines and ID theft, U.S. citizens are apprehensive about online purchases and credit cards. The President missed an opportunity to demonstrate leadership and reassure the American people that he’s got our back.
· The cybersecurity framework is just around the corner. Driven by the Executive Order, the feds are finally doing something about cybersecurity. The President missed a chance to crow about a real achievement.
I realize that the President is still committed to cybersecurity issues and I’m sure he’ll make a big splash next month when the final cybersecurity framework is announced. Still, I’m disappointed that he dropped the cybersecurity ball in his State of the Union.
My old boss Dick Egan knew that if an issue was important enough to talk about, it was worth reviewing regularly. Alternatively, the President seems content to pick up and drop cybersecurity when it is politically expedient to do so.