There’s a mixed reaction to the cyber security plan from President Barack Obama this week – with many officials saying it doesn’t go far enough, some supporting it, and others wondering if it’s needed at all.
Obama released an executive order to protect computer networks of critical U.S. industries through voluntary standards in light of increased risk of cyber attacks. Obama also wants to see Congress approve additional steps to increase cyber security for the power grid, financial institutions and air traffic control system – even though last year legislators failed to approve a far-reaching proposal.
“We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” Obama said in Tuesday’s State of the Union address. “Now, Congress must act as well by passing legislation to give our government a greater capacity to secure our networks and deter attacks.”
As part of the executive order, U.S. defense and intelligence agencies will share classified threat information with businesses in sensitive sectors. Yet many businesses realize there are threats to cyber security, but oppose more government regulation, according to a report from The Associated Press.
There are several gaps in the current plan, The AP adds. Some of these include: Is a business forced to tell the federal government if it’s been hacked? Are sensitive facilities legally liable if they do not undertake “reasonable steps” to protect a customer? Does the government pay to stop cyber-attacks?
The National Institute of Standards and Technology will in the next year come up with voluntary standards and procedures on cyber threats. They will let businesses identify network and system risks, and methods to manage the risks.
One top telecom company, CenturyLink, issued a statement this week that it supports the “goals” of Obama’s cyber security executive order. It also wants to see the Cybersecurity Intelligence Sharing and Protection Act (CISPA) approved by Congress. The bill is being introduced by U.S. Reps. Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.). The company also wants to see a “legal framework for information sharing and liability protections.”
The bill includes “strong privacy protections for service providers and their customers,” the company added.
“Since our network is one of the central assets of our business, we’ve invested heavily in robust cybersecurity protections and created a governance, risk and compliance framework that leverages voluntary public-private partnerships with the federal government,” Steve Davis, CenturyLink executive vice president for public policy and government relations, said in a statement.
It is also pleased to see steps which improve information-sharing between the government and the private sector under Obama’s plan.
“A voluntary, flexible, balanced and collaborative partnership between government agencies and the private sector is essential to improving the nation's cyber security posture,” the company added in the statement.
Another statement was released by the United States Telecom Association president and CEO, Walter B. McCormick Jr., which said in part, “Today’s Executive Order takes some important steps toward achieving policy goals that will help protect our nation from harmful threats. The order will facilitate national cybersecurity policy goals by directing federal agencies to reduce duplicative and excessively burdensome cybersecurity requirements. We’re pleased that the order reaffirms the importance of public-private partnerships in assessing and combating threats, a strategy we believe is highly effective. But we recognize that a strong cybersecurity policy is best achieved through enactment of legislation that enables appropriate sharing of information between government and industry, such as the bipartisan bill co-sponsored by Reps. Mike Rogers, R-Mich., and C. A. Dutch Ruppersberger, D-Md., that passed the House last year and is being reintroduced today.”
US Telecom is an industry association.
In addition, the U.S. Chamber of Commerce and several Republican politicians have worried that a cyber security bill will add burdensome regulations to the private sector.
On the other hand, the American Civil Liberties Union supports the executive order, but opposes the Rogers bill. “The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, said in an e-mail to Bloomberg News. The Rogers bill “allows companies to share sensitive and personal American Internet data with the government, including the National Security Agency and other military agencies,” Richardson added.
Joseph Santamaria, CIO for Connecticut’s UIL Holdings, said utilities share information now, but intelligence agencies are not doing it as much.
Also, three Republican senators – Arizona’s John McCain, Georgia’s Saxby Chambliss and South Dakota’s John Thune – said the executive order would not "achieve the balanced approach" found with a Congressional law, Reuters said. "The Senate should follow regular order and craft legislation that will have an immediate impact on our nation's cybersecurity without adding or prompting regulations that could discourage innovation and negatively impact our struggling economy."
And TechZone360’s Peter Bernstein says the Executive Order “is a much needed step in getting the U.S. better prepared, and certainly better coordinated in terms of information sharing and collaboration between the government and the private sector.”
But the U.S. Chamber of Commerce says the new executive order from Obama was not needed.
Last October, Obama signed a limited “secret directive” to prevent cyber attacks on computer networks. The Washington Post said the document signed by the President was “Presidential Policy Directive 20,” and lists standard procedures for government agencies, including the military, to combat cyber threats.
Meanwhile, European governments are coming up with their own set of regulations to address them.
Edited by Braden Becker