We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

Intelligent Machines

Obama Announces Plan to Shore Up U.S. Cyber Defenses

President uses State of the Union address to launch effort to protect infrastructure against a “growing threat.”

Cyber threats to U.S. national infrastructure are increasing.

Citing a “rapidly growing threat from cyberattacks,” President Obama said last night that he has issued an executive order that would strengthen the computerized defenses of the United States. The order will increase information sharing and coöperation among government agencies and companies, and establish standards for responding to threats. Both are considered important components of effective cyber defense.

“We know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” Obama said in his State of the Union address.

The action comes as attacks on government agencies and infrastructure are apparently on the rise (see “Old Fashioned Control Systems Make U.S. Power Grids, Water Plants a Hacking Target”).

The number of attacks reported to the U.S. Department of Homeland Security’s cybersecurity response team grew 52 percent to 198 in 2012, the team recently said. The statements also follow the recent disclosure of attacks on media outlets including the New York Times, the Wall Street Journal, and the Washington Post.

Despite the threat described by Obama, no legislation has been passed in Congress; in recent years about 80 bills have been written with some component of cybersecurity, but none have become law. 

A key challenge is that much of the nation’s information technology infrastructure is owned and controlled by private companies. This makes it tricky to specify what constitutes adequate security and to know what kinds of attacks are emerging in different sectors (see “Moore’s Outlaws”).

The executive order is meant to fill the legislative void by improving coöperation among government agencies and companies. It applies to a subset of industries—including communications, energy, financial, and chemical sectors—that are considered critical to national security, the economy, and public health and safety.

The order directs the Department of Homeland Security to establish a voluntary program wherein critical infrastructure operators adopt cybersecurity practices shaped by the National Institute of Standards and Technology together with security companies. The DHS is then meant to work with other agencies and industry groups to implement those practices. The order also calls for an analysis of how communication between the federal government and private companies can be improved.

The executive order sets forth a series of milestones, including a description of relationships established between agencies within 120 days, the development of a situational awareness capability for critical infrastructure within 240 days, and a research and development plan within two years.

Obama indicated that legislation is still needed to mandate stronger protection. “Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” he said during the address. “This is something we should be able to get done on a bipartisan basis.”

The president did not, however, mention the issue of countermeasures, or cyberweapons, which are apparently already used by government agencies and contractors (see “Welcome to the Malware Industrial Complex”).

Cut off? Read unlimited articles today.

Become an Insider
Already an Insider? Log in.
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivered daily

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.