A bunch of folks have been sending in the various news stories about a new report recommending to the incoming presidential administration a set up a national cybersecurity policy
, which is the sort of broad pronouncement that many people would instinctively agree with. However, it's not really clear what this covers. The report covers both government and private companies' computer networks
, as if the issues and challenges facing each should be covered under a single plan. There's also talk of some new kind of warrant called "data warrants" rather than search warrants. Obviously, protecting internet infrastructure from foreign attacks is a good thing, but there's a lot here that seems like a grab for power -- and the ability to more closely gather and monitor data.
The fact that government networks and security of government computers is a mess is one issue, but it shouldn't be mixed in with private companies protecting their own data. The two issues should be tackled separately. If the government needs to fix its own computer network and security policies, that seems like a reasonable job for the national CIO that Obama has indicated is a part of his plan, rather than a separate cybersecurity policy.