Back in February 2009, we reported on the status of President Obama's campaign promise to develop a comprehensive cyber security and response strategy. At the time, we rated the promise In the Works, since Obama had designated Melissa Hathaway to lead a 60-day interagency review of the resources that the U.S. government had available to fight off cyber attacks. Hathaway previously served as cyber coordination executive to the Director of National Intelligence in the Bush administration.

Since then, several key developments have taken place.

• Hathaway's review is now finished and available on the White House website. It notes that the "architecture of the Nation's digital infrastructure, based largely upon the Internet, is not secure or resilient." After outlining some of the efforts that previous administrations have taken to beef up cyber security, the review provides a list of several near-term and mid-term goals. These goals include appointing a cyber security policy official and preparing a cyber security incident response plan.

• On December 22, 2009, Obama appointed Howard Schmidt to the position of Cybersecurity Coordinator. Formerly a chief security officer at Microsoft and eBay, Schmidt is responsible for coordinating cyber security activities across the government. He will also coordinate policies that encourage economic growth and commerce.

• In May 2010, Gen. Keith Alexander was appointed and confirmed to lead the new Pentagon Cyber Command, which is responsible for coordinating cyber defense and cyber attack operations. The command will run military cyber security operations and provide support to civil authorities.

• In November 2009, the the Air Force announced that 27,000 communications officers were being transferred to provide support for cyber warfare operations from general computer communications, according to the Air Force Times. In April of this year, 3,000 more officers were moved, bringing the total to 30,000.  

• In December 2009, the Department of Homeland Security completed a draft of its National Cyber Incident Response Plan. The report outlines the roles and responsibilities of various federal agencies during a cyber attack against the United States. In September of this year, DHS will hold Cyber Storm III, a multi-organization security drill to test the details of the final plan. A spokesman told us that the draft strategy will be revised based on the lessons learned during that exercise.

President Obama's actions move his promise along, but until we get a confirmation that the DHS has a finalized strategy for responding to a cyber attack, we're keeping this In the Works.