In his State of the Union address last night, President Obama announced the signing of the long anticipated executive order on cybersecurity. The order marks a major step in the administration’s attempt to shore up the nation’s technology security amidst growing international threats from countries like China and Iran. Although the new cybersecurity measures would do little to prevent attacks like we’ve seen on major media companies in recent weeks, those attacks have heightened the visibility of the problem and are prompting the executive branch and lawmakers to act.
The executive order’s goal is to strengthen the nation’s infrastructure, both government and privately held technology. The order provides the allowance of information sharing between government agencies and companies, such as an energy company or other critical utility, so that companies can be made aware of attacks they’re facing. The order directs a number of government agencies to, within 120 days, provide instructions on how to properly share unclassified information on cyberattacks with concerned parties.
The executive order also calls for for the National Institute of Standards and Technology to create a strategy for handling the threat of cyberattacks. They’ll develop a set of standards and procedures that government agencies can follow in the event of an attack. and companies will have a roadmap they can follow voluntarily, according to the order.
Reaction to the order in Congress has been mixed. Supporters of Senator Lieberman’s cybersecurity bill that was killed last year lined up in support of the action. The executive order closely mirrors much of what was in the Lieberman bill. GOP Senators, who were responsible for killing the Lieberman bill, voiced measured displeasure and urged Congress to pass its own legislation to protect the countries technological infrastructure. Many of the complaints against the measure include what is perceived as unnecessary and undue regulations on private businesses.
An Alternative bill to protect against cyberattacks was introduced today by Reps. Mike Rogers and Dutch Ruppersberger, the chairman and ranking member of the House Intelligence Committee. Their new bill is a retread of last year’s CISPA, which failed after a veto threat from the White House over privacy concerns. According to the sponsors, the newly reintroduced CISPA provides for the voluntary sharing of information by the government to companies, but goes a step further than the White House and for companies to share information with government agencies. This provision is what had many privacy advocates worried about in the last round, although the sponsors’ claim the bill does allow for legal recourse by consumers if they feel their privacy has been violated.
Voluntary standards coming from the White House is a tricky business. Lawmakers and the White House should work together to develop protections for our technological infrastructure that both protects consumer privacy and relieves companies of undue regulations. The discussions taking place are a good first step.
Zack Christenson writes on digital tech issues for the American Consumer Institute Center for Citizen Research