Margaret Walsh

Soon after he took office, President Obama asked for a wide review of the federal IT security landscape. The review's purpose: to assess what laws and regulations exist, how effective they are, what needs to be changed and how government can work with corporations to protect the country and share technology ideas.

The review, released in May, found 250 points to address in areas ranging from simply educating the public about cybersecurity to the more-complex and politically contentious issues of building a secure identity management system and devising a "cyber incident response" policy similar to how the White House monitors terrorist attacks and natural disasters. At a press conference to release the review, Obama defined the digital infrastructure as a "strategic national asset," the defense of which should be a national priority.

To read more, see Moving Target and System Security: 5 Ways to Improve Your Defenses Against Attack.

A privacy and civil liberties official should be added to the National Security Council, the review also advised. And to promote U.S. use of "game-changing technologies," more shared government-private sector research and development should be done.

The review didn't bowl over many security experts who have been calling for similar changes for years. Indeed, the Center for Strategic and International Studies released a report in December saying much the same thing, done by fewer people in less time. The big news was Obama's creation of the position of Cybersecurity Coordinator, reporting to him and belonging to both the national security staff as well as the National Economic Council.

It's the cross-agency reach and Obama's pledge to work closely with the private sector that will make the "cybersecurity czar" (who had not been named at press time) successful, says Eugene Schultz, CTO of consultancy Emagined Security. "Odds are higher that we will have sane management of this."

Do you Tweet? Follow me on twitter @knash99. Follow everything from CIO Magazine @CIOMagazine.

The European Commission is seeking to strengthen cooperation between law enforcement and private industry worldwide as well as increase penalties for those engaged in cybercrime, a senior official said on Wednesday.

Countries such as Estonia and Lithuania have been victimized by cyberattacks, but officials in those countries have complained they didn't get support fast enough from other nations, said Radomir Jansky, one of the top cybercrime officials within the Commission's Directorate-General for Justice, Freedom and Security.

"Large-scale attacks are on the rise, and we need to deal with them," Jansky said at the Messaging Anti-Abuse Working Group meeting in Amsterdam. The conference is attended by ISPs and industry professionals who discuss issues such as spam, e-mail marketing issues and botnets.

In April and May 2007, Estonian Web sites belonging to banks, schools and government agencies fell under denial-of-service attacks after a World War II memorial to Russian soldiers was moved from a public square. Georgia experienced cyberattacks in August 2008 as Russia invaded Georgia's South Ossetia and Abkhazia regions.

The Commission is updating the Council Framework Decision on Attacks Against Information Systems, which went into force in 2005, Jansky said. European Union countries are not bound by law to abide by the framework, but it is recommended that they follow it.

The update, which has not been published yet, will likely recommend that countries across Europe increase the sentences for those convicted of cybercrime since there doesn't appear to be much of a deterrent effect now, Jansky said.

Sentences now range from one to three years, but countries such as Estonia, France, Germany and the U.K. have longer ones, he said.

The updated framework may also recommend that countries respond to a request for help in a cybercrime investigation from other countries faster, such as within eight hours. Now, there is no time limit, Jansky said.

There is also a need for a unified system that enables E.U. countries to report cyberattacks, prosecutions and other criminal reports. The data would help create a more complete picture on the scope of cybercrime, Jansky said. Countries also need to agree on an acceptable format for reporting that data.

"We need to have more data," Jansky said.

In March, the Commission published a draft of a second framework under revision, the Council Framework Decision on Combating the Sexual Exploitation of Children and Child Pornography.

That framework is seeking to tackle new scenarios of concern regarding Internet-related child abuse. The framework will likely recommend new criminal offenses related to grooming, the viewing of child pornography without downloading images and allowing the use of covert tools during investigations, Jansky said.

The framework will likely be published by the end of the year, as the Council of the European Union is still working out the details, Jansky said.