We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

Obama Announces Plan to Shore Up U.S. Cyber Defenses

President uses State of the Union address to launch effort to protect infrastructure against a “growing threat.”

Cyber threats to U.S. national infrastructure are increasing.

Citing a “rapidly growing threat from cyberattacks,” President Obama said last night that he has issued an executive order that would strengthen the computerized defenses of the United States. The order will increase information sharing and coöperation among government agencies and companies, and establish standards for responding to threats. Both are considered important components of effective cyber defense.

“We know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” Obama said in his State of the Union address.

The action comes as attacks on government agencies and infrastructure are apparently on the rise (see “Old Fashioned Control Systems Make U.S. Power Grids, Water Plants a Hacking Target”).

The number of attacks reported to the U.S. Department of Homeland Security’s cybersecurity response team grew 52 percent to 198 in 2012, the team recently said. The statements also follow the recent disclosure of attacks on media outlets including the New York Times, the Wall Street Journal, and the Washington Post.

Despite the threat described by Obama, no legislation has been passed in Congress; in recent years about 80 bills have been written with some component of cybersecurity, but none have become law. 

A key challenge is that much of the nation’s information technology infrastructure is owned and controlled by private companies. This makes it tricky to specify what constitutes adequate security and to know what kinds of attacks are emerging in different sectors (see “Moore’s Outlaws”).

The executive order is meant to fill the legislative void by improving coöperation among government agencies and companies. It applies to a subset of industries—including communications, energy, financial, and chemical sectors—that are considered critical to national security, the economy, and public health and safety.

The order directs the Department of Homeland Security to establish a voluntary program wherein critical infrastructure operators adopt cybersecurity practices shaped by the National Institute of Standards and Technology together with security companies. The DHS is then meant to work with other agencies and industry groups to implement those practices. The order also calls for an analysis of how communication between the federal government and private companies can be improved.

The executive order sets forth a series of milestones, including a description of relationships established between agencies within 120 days, the development of a situational awareness capability for critical infrastructure within 240 days, and a research and development plan within two years.

Obama indicated that legislation is still needed to mandate stronger protection. “Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” he said during the address. “This is something we should be able to get done on a bipartisan basis.”

The president did not, however, mention the issue of countermeasures, or cyberweapons, which are apparently already used by government agencies and contractors (see “Welcome to the Malware Industrial Complex”).

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.