Intelligent Machines

Obama Announces Plan to Shore Up U.S. Cyber Defenses

President uses State of the Union address to launch effort to protect infrastructure against a “growing threat.”

Cyber threats to U.S. national infrastructure are increasing.

Citing a “rapidly growing threat from cyberattacks,” President Obama said last night that he has issued an executive order that would strengthen the computerized defenses of the United States. The order will increase information sharing and coöperation among government agencies and companies, and establish standards for responding to threats. Both are considered important components of effective cyber defense.

“We know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” Obama said in his State of the Union address.

The action comes as attacks on government agencies and infrastructure are apparently on the rise (see “Old Fashioned Control Systems Make U.S. Power Grids, Water Plants a Hacking Target”).

The number of attacks reported to the U.S. Department of Homeland Security’s cybersecurity response team grew 52 percent to 198 in 2012, the team recently said. The statements also follow the recent disclosure of attacks on media outlets including the New York Times, the Wall Street Journal, and the Washington Post.

Despite the threat described by Obama, no legislation has been passed in Congress; in recent years about 80 bills have been written with some component of cybersecurity, but none have become law. 

A key challenge is that much of the nation’s information technology infrastructure is owned and controlled by private companies. This makes it tricky to specify what constitutes adequate security and to know what kinds of attacks are emerging in different sectors (see “Moore’s Outlaws”).

The executive order is meant to fill the legislative void by improving coöperation among government agencies and companies. It applies to a subset of industries—including communications, energy, financial, and chemical sectors—that are considered critical to national security, the economy, and public health and safety.

The order directs the Department of Homeland Security to establish a voluntary program wherein critical infrastructure operators adopt cybersecurity practices shaped by the National Institute of Standards and Technology together with security companies. The DHS is then meant to work with other agencies and industry groups to implement those practices. The order also calls for an analysis of how communication between the federal government and private companies can be improved.

The executive order sets forth a series of milestones, including a description of relationships established between agencies within 120 days, the development of a situational awareness capability for critical infrastructure within 240 days, and a research and development plan within two years.

Obama indicated that legislation is still needed to mandate stronger protection. “Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” he said during the address. “This is something we should be able to get done on a bipartisan basis.”

The president did not, however, mention the issue of countermeasures, or cyberweapons, which are apparently already used by government agencies and contractors (see “Welcome to the Malware Industrial Complex”).

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.
Subscribe today

Uh oh–you've read all five of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.

  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

You've read of free articles this month.