President Obama cracks whip on cybercrime
Photo credit: MANDEL NGAN/AFP/Getty Images
February 12th, 2013
10:50 PM ET

President Obama cracks whip on cybercrime

By David Goldman

Having run out of patience for Congress to act on a cybersecurity bill, President Obama has decided to take matters into his own hands.

Obama signed an executive order on Tuesday addressing the country's most basic cybersecurity needs and highlighted the effort in his State of the Union address.

"We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," Obama said.

The order will make it easier for private companies in control of the nation's critical infrastructure to share information about cyberattacks with the government. In return, the Department of Homeland Security will share "sanitized" classified information with companies about attacks believed to be occurring or that are about to take place.

The order also directs the government to work with the private sector on standards that will help protect companies from cybercrime, though there is nothing in the order about how this will be enforced.

This is hardly comprehensive, but at least it's something aimed at protecting our nation's power, water and nuclear systems from attack. That's more than Congress can say it has accomplished. Lawmakers failed to pass any of the dozens of cybersecurity bills aimed at meaningfully securing critical infrastructure from an online criminals.

Meanwhile, the number of attacks on critical infrastructure companies reported to a U.S. Department of Homeland Security cybersecurity response team grew by 52% in 2012, according to a recent report. Several of them resulted in successful break-ins.

While Obama's plan to remedy the problem is a start, critics say it has major limitations that make the order virtually meaningless.

"It doesn't have any teeth; it has no backing," said Rob Beck, critical infrastructure cybersecurity consultant for Casaba Security. "This is not going to have any measurable impact on anything."

Administration officials acknowledged the order's limitations on Tuesday, but insisted the changes will have a meaningful impact.

Unlike Congress, the president alone does not have the power to protect companies from lawsuits when they are engaged in information sharing. Since the data they'd be handing over to the federal government could include private information from customers, companies likely won't share that information without guaranteed protections.

"Businesses have to be good citizens, but they also have to be concerned about their liabilities and interests of their users," said Evan Brown, senior counsel with InfoLawGroup, a law firm focused on digital privacy and cybersecurity issues. "There are all kinds of ramifications if companies are found not to be good protectors of user privacy."

There are also concerns that the government's data won't be revealing enough. Unless the government provides details of where an attack is likely to come from and gives specific information about which systems are likely to be hit, the agencies won't be telling critical infrastructure companies anything they don't already know.

"I've seen sanitized classified documents - I'm not sure how useful they'll be," said Beck. "They'll say your systems are a target, but no one in this field thinks their systems aren't a target."

Despite partisan bickering over how to accomplish the task, virtually everyone agrees the status quo is unacceptable. Today, when companies are breached, most of that information stays internal. Companies don't want to be viewed by their customers, competitors or shareholders as weak on security, so few outsiders find out when a cyberattack has taken place.

Lawsuits and public scrutiny over privacy violations could be damaging, but they'd pale in comparison to the outrage that would ensue if a company failed to prevent a crippling cyberattack. Remember how upset the nation was over a half-hour-long power outage during the Super Bowl?

Best practice guidelines and systems for information sharing are a good start, but barring any carrots and sticks, it's unlikely that the executive order will accomplish much. That's why some are calling on the government to put in place mandatory standards that would put all companies in the same boat.

"Until stringent regulations are put in place, then I don't think we're going to make a lot of progress," Beck said.

The White House agrees. It still wants Congress to give the Department of Homeland Security power to regulate critical infrastructure.

And Congress may move quickly. On Wednesday, House Intelligence Committee Chairman Mike Rogers plans on reintroducing the stalled Cyber Intelligence Sharing and Protection Act, which passed a House vote in April but was never taken up in the Senate. That bill also faced an Obama veto threat over the perceived lack of privacy protections. Rogers believes his revised bill will address those concerns.

– CNN's Jessica Yellin and Pam Benson contributed reporting to this article

Post by:
Filed under: Cybersecurity • Obama
soundoff (31 Responses)
  1. backlink

    I am not that much of a web reader to be honest but your websites really good, maintain it up! I will go ahead and bookmark your website to come back later on. Many thanks backlink http://fiverr.com/twnseobacklink

    April 24, 2013 at 6:33 pm | Reply
  2. seo

    I've not checked in right here for some time as I thought it had been obtaining boring, however the last few posts are good quality so I guess I'll include you back to my daily bloglist. You deserve it my friend seo http://fiverr.com/twnseobacklink

    April 24, 2013 at 11:49 am | Reply
  3. George Patton-2

    we must hang all Chinese.

    February 13, 2013 at 3:17 pm | Reply
    • A 5th Marine

      Well put, George. This kind of warfare is absolutely necessary and we need to find a way to stop it before it's too late!

      February 13, 2013 at 3:18 pm | Reply
      • A 5th Marine

        Hey you, just where do you get off stealing my screen name? If you want to post your stupidity here, why don't use your own name or are you just too ashamed to show your ignorance? At any rate, quit trying to make me look as dumb as you, will you?

        February 13, 2013 at 5:04 pm |
      • A 5th Marine

        It wouldn't take much to make you look stupid.

        February 14, 2013 at 12:45 am |
  4. George Patton-2

    This should be a wake up call for countries like Iran, Russia and China to increase their cyber security systems, too. After all, this stupid war, like so many others, was started by those right-wing idiots in Washington. When will this ever end?

    February 13, 2013 at 9:50 am | Reply
    • A 5th Marine

      Well put, George. This kind of warfare is potentially dangerous and we need to find a way to stop it before it's too late!

      February 13, 2013 at 3:02 pm | Reply
  5. michaelfury

    "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

    Been wondering that for years already, Mr. President.

    http://pulverizedtonearpower.wordpress.com/2012/07/12/pulverized-to-near-power/

    February 13, 2013 at 8:32 am | Reply
    • zdld17

      Issues like this will continue, as mentioned above, there is no teeth in any policy under this current admin. Its a line in the sand ,that keeps getting redrawn, again and again. All outside countries know this.

      February 14, 2013 at 1:32 pm | Reply
  6. him

    Figures the saeed would comment like he has, all sorts of insults but no answers, as for turning the other cheek I've never been a fan. Saeed you worthless piece of feces, no doubt a towel headed idiot from the some third worLd country. Speaking of bananas, I did hear that Mohammed like to suck the bananas of camels.

    February 13, 2013 at 12:14 am | Reply
  7. saeed

    someone should throw this monkey a banana obama is a ghanaian house niggger its like kofi annan jumping from a 10m tree like a gorilla.

    February 12, 2013 at 11:11 pm | Reply
    • BigShiz

      And you're a gay Muslim.

      February 13, 2013 at 3:48 pm | Reply
    • Marine5484

      Well said, saeed. Thank you.

      February 13, 2013 at 4:49 pm | Reply
  8. gftyujhfetyj

    WHAT A JOKE

    February 12, 2013 at 11:02 pm | Reply
  9. George Patton#2

    cybersecurity bill no good

    February 12, 2013 at 10:57 pm | Reply

Post a comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.