What Obama’s Cybersecurity Strategy Leaves Out
In two new executive orders, the president makes no explicit mention of fighting terror and limits his administration’s privacy goals.
After a year of online megabreaches, President Obama on Tuesday proposed sharply increasing cybersecurity spending to $19 billion (from $14 billion) and released an executive order establishing a cybersecurity study commission.
But the plan has some big gaps. For one thing, while his new study commission includes a nod to national security in its mission statement, it does not explicitly include a mandate to create policies that will combat terrorists’ use of social networks for recruiting and spreading propaganda.
Obama recently addressed this topic by developing a counterterrorism task force and meeting with Silicon Valley titans. But his newly announced initiatives imply a continued reliance on private-sector companies to enforce their terms of service. Last week, for example, Twitter announced it was greatly ramping up efforts to shut down ISIS-supporting accounts. Blocking such accounts is something Twitter has been saying it’s been doing for more than a year.
Herb Lin, a cybersecurity and policy researcher at Stanford University, said the nation needs a “cyberstrategy” in addition to the kinds of “cybersecurity strategies” we heard about today. In an interview, Lin said: “A national cybersecurity strategy is a perfectly fine thing to do. It’s just not comprehensive, in the sense that it does not include a lot of other things.”
For example, ISIS’s use of online social networks “is not cybersecurity in the sense of making your computer more secure, but it is a cyber issue,” he said. “And does the U.S. have a comprehensive approach, a policy approach, to deal with new technologies that pose a risk to privacy?”
The answer is no. Although a second executive order by Obama on Tuesday formed a privacy council, this body is concerned mainly with figuring out ways to safeguard data held by federal agencies. (Last year’s devastating hack on the U.S. Office of Personnel Management exposed the records of more than 21 million people.)
Meanwhile, the political rumblings are ominous. Donald Trump—who is expected to win Tuesday’s Republican presidential primary in New Hampshire—recently advocated shutting down parts of the Internet to prevent young people from being recruited to travel overseas to fight for terrorist causes.
“We’re losing a lot of people because of the Internet,” Trump recently asserted. One can only wonder what his cyberstrategy might include.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today