Back to cybersecurity basics

Witnesses, from left, Office of Personnel Management (OPM) Director Katherine Archuleta; OPM Chief Information Officer Tony Scott; Assistant Secretary of Office of Cybersecurity and Communications National Protection and Programs Directorate at the Department of Homeland Security Andy Ozment, and OPM Inspector General Patrick E. McFarland, testify on Capitol Hill in Washington, Thursday, June 25, 2015, before the Senate Homeland Security and Governmental Affairs Committee hearing on federal Cybersecurity and the OPM Data Breach. (AP Photo/Susan Walsh)

President Barack Obama, continuing what has become a more or less annual habit, announced yet another new plan for enhanced cybersecurity on Tuesday. And there is clearly a need for one.

The Department of Homeland Security re-confirmed that much, also on Tuesday, by announcing that it was investigating the leak of personal contact information on more than 9,000 DHS employees and 20,000 FBI employees. That breach was attributed to pro-Palestinian hackers who have also targeted top officials of the FBI, CIA and Miami police department.

President Obama underscored the urgency of this mission in a Tuesday guest column in The Wall Street Journal. He candidly acknowledged cyber fiascoes like the theft of security clearance files at the Office of Personnel Management. He laid out some common-sense steps to bolster cybersecurity.

But he also conceded that “because government doesn’t have all the answers to these complex challenges, we’re establishing a bipartisan Commission on Enhancing National Cybersecurity to focus on long-term solutions.”

And he correctly stressed the necessity of working with “top business, strategic and technology thinkers from outside government to provide specific recommendations for bolstering cybersecurity awareness and protections across the public and private sectors over the next decade.”

Clearly, this 21st century problem will face the next president, too — and is a long-term challenge for the entire nation.

For the federal government, which has been spending about $4 billion a year on cybersecurity without much visible success, the president’s new plan involves spending another $5 billion a year to upgrade government computer systems and software, some of which date back 50 years and many of which are stuck with outdated commercial software.

The proposal also calls for addressing ways to protect crucial infrastructure like the electrical grid from cyber attack.

When individual security lapses let thieves hack into corporate and national security secrets and international enemies take down important bits of America’s economic structure, cyber business as usual is no longer acceptable.

So the president is urging all Americans to adopt “two-factor authentication” for their password-protected cyber activity. Offered by Google and used by online banks, two-factor or multi-factor authentication requires two or more steps to access information, and the more steps required, the less likely it is that the files can be hacked.

President Obama is also pressing banks and credit card companies to embed microchips in credit cards to reduce credit card fraud.

The billions lost annually to cyber crime and the vulnerability of national secrets to inadvertent disclosure (the Hillary Clinton case comes to mind) justify a comprehensive federal approach that gets back to cybersecurity basics.

At least the Pentagon has already made significant progress with a new Cyber Command that could identify sources of hostile actions and retaliate promptly — the basic requirements of a cyberwar deterrence policy.

However, countering threats to the cybersecurity of both the public and private sectors isn’t easy. And the Obama administration has obviously struggled on this front.

Still, the president deserves credit for trying a fresh approach — and for sounding the alarm again about the importance of this task.