Obama Readies Unilateral Move on Cybersecurity
Panetta warned last year of the possibility of a “cyber Pearl Harbor.” He told business leaders attending a meeting of the Business Executives for National Security that the country is increasingly vulnerable to foreign computer hackers who could attack the country’s transportation system, government, financial networks, and power grid.
In a recent report, the Department of Homeland Security (DHS) estimated that more than 40 percent of all reported cyber attacks on critical infrastructure in 2012 targeted the energy sector. Many of the incidents reported to the DHS targeted information that could facilitate remote access and unauthorized operation.
Sustained cyber attacks targeting the websites of a dozen U.S. banks, including Wells Fargo, JP Morgan Chase, and Bank of America, exemplify the growing threat to the financial sector. What makes these attacks suspicious is that they are not carried out by opportunists trying to steal data or money, but instead by experts keen on creating significant disruptions. Computer-security specialists say that the attacks showed a level of sophistication that exceeded that of amateur hackers, making it more likely that they were orchestrated by a nation.
“There is no doubt within the U.S. government that Iran is behind these attacks,” former Commerce and State Department official James A. Lewis told the New York Times this month. According to Lewis, the attacks are probably in retaliation for previous cyber attacks on Iran as well as sanctions imposed on the country.
After the intensifying wave of attacks, major U.S. banks have turned to the National Security Agency for technical assistance in an effort to protect their computer systems, the Washington Post reported.
The banks’ request follows a similar push by a trade group for more collaboration between the private sector and government. The Business Roundtable, which represents the chief executives of top U.S. companies, has recently called on Congress to pass legislation aimed at improving the sharing of information between government and industry so companies can thwart cyber attacks quickly. The group, however, cautioned against a “static compliance based regime” that would undermine a more dynamic solution based on information sharing.
Before the Senate vote in November, Lieberman warned of the possibility of an executive order issued by the president if the Senate voted against moving the bill forward. Reid also noted that the order would fall short of what the bill could accomplish, including liability protection that would protect companies from legal action if they are hit by a cyber attack.
In a letter sent to the president in October, a group of Republican senators urged Obama to work with Congress on cybersecurity legislation instead of acting unilaterally in a way that “will solidify the present divide” among stakeholders. The White House is expected to roll out the executive order as early as the end of this month.
As new leaders assume command of the congressional committees in charge of cybersecurity legislation, the prospects of reviving the debate have begun to emerge. A coalition of Senate Democrats, led by longtime cybersecurity legislation supporter Sen. Jay Rockefeller (D-W.Va.), introduced on Wednesday a new resolution tackling the issue. “The new Congress has a real opportunity to reach needed consensus on bipartisan legislation that will strengthen our nation’s cybersecurity,” the senators said in a joint statement announcing the bill, called the Cybersecurity and American Cyber Competitiveness Act of 2013.
The new bill outlines legislative intent but does not provide any specific solutions beyond some recommendations to improve collaboration between the private sector and the federal government.






This guy has to be held on a short leash … he’s also spending 1.6 million taxpayer dollars flying around to get his own way with the immigration bill efforts! That’s totally unacceptable to say the least. Enough is enough; Obama seems to have gone bonkersville on the absolute monarchy trail. WTF?!!!!!
What we really need is for the private sector to get its collective head out of the sand and spend a few dollars on cyber security. If you don’t think it could happen here but would like to see what it might look like, get a copy of Clancy’s “Threat Vector.” Should wake you up, besides being very entertaining.
I’m sure lots of bad things can happen. What I don’t trust, is Obama won’t be the one causing it.
“Never let a crisis go to waste”
So far, he hasn’t. Past performance is indicative of future potential in his case.
The Dream Act and Cybersecurity bill can’t make it through Congress, so a President takes it upon himself to unilaterally effect at least portions of those bills?
I didn’t know federal government was authorized to work that way, one guy imposing the rules.
Sounds like a monarchy.
“Cybersecurity” sounds great, but there was significant opposition in the business community to adding yet more layers of government regulation. The Reddit co-founder Aaron Swartz, who recently committed suicide, spoke rather eloquently against the legislation.
Can’t systems be strengthened & tightened without, yet another, insertion of government into the process?
Nobody alive knows completely what’s legal and illegal anymore, what with the onslaught of government interference in everything. Can’t anything good happen in American society without these yahoos?
This legislation is, for all intents and purposes, irrelevant, outside of any overreach questions. Two items to consider:
1. Many, if not all, of the industries identified are already regulated with cybersecurity standards already in place. In addition, the significant organizations are also reviewed by regulatory bodies to include the FFIEC, FERC, and the SEC. These reviews include IT folks. The standards for the review, for the most part, either directly or implicitly reference NIST standards. So the framework, and maybe the actual processes, are already in place.
2. Governmental or even industry standards are, in general, ineffective. Consider the challenges related to the Payment Card Industry Data Security Standards. We still encounter data breaches even for the organizations that have been audited for compliance without reported exception. (Same will likely be true with HITECH.) Detailed governmental standards create an environment where one can be reasonably secure OR state that one meets the government standards irrespective of reality.
Would it not be interesting for a government to work within an existing set of organizations to meet real risks? Although, creating new functions, roles, and laws is always SO much more fun. And looks better in mailers to local citizens.
Frustrated security/controls geek
HAVC
Would it not be interesting for a government to work within an existing set of organizations to meet real risks?
Sounds too much like hard work to the grandstanding politicians.
Optics trump substance every time.
The real problem with cyber security is you are always one step or more behind the bad guys. First, all OS and major pieces of software have security vulnerabilities if for no other reason than the complexity of the code. Did the designers see every possible user interaction? Now add poorly written or woefully obsolete code. Another is various forms of social engineering to trick users into giving out information they should not.
Also, remember the IRS standard for proper data protection did not include encrypting SSNs, and when South Carolina’s taxpayer database was hacked the IRS-compliant security meant that taxpayer SSNs were plain text.
The real problem is that a government run solution will be woefully inadequate because of the time lag to issue new regulations, assuming there are no other major issues such as incompetence. The best practices are always evolving in cyber security.
An ongoing problem is that the purse strings are controlled by people who often do not understand cyber security. They do not understand it is an ongoing process that will never end. Some of the problem is proper software design, proper network design, appropriate user access, and ongoing user training. Unfortunately all of these are evolving.
The problem with legislation or diktat is that it fundamentally assumes the problem will not change in the future because both will tend to lock in current (hopefully best) practices some of which will be inadequate in the near future. Unfortunately the crystal ball can not tell one which ones will be inadequate.
Your point about lag time is compounded by the fact that businesses cannot afford to get out ahead of the regulators even if there is a pressing need to do so, because whatever they put in place may not meet subsequent regulations and have to be scrapped at great expense. Meanwhile they are in compliance, even if vulnerable.
‘…a set of standards that will help government “more effectively secure the nation’s critical infrastructure by [unilaterally controlling] the private sector”’
Just a slight change to clarify the language and intent of the statement.
Every seemingly disparate topic seems to boil down to one thing, control.
Chris Dodd of Dodd-Frank, the guy who got the sweetheart loan deals from his buddy Angelo Mozilo at Countrywide, was a big ‘cybersecurity’ guy. Drove him nuts (he was well on his way already) that something, anything, could be going on outside of Congressional purview.
Abraham Lincoln’s re-assertion of the nation’s founding ideas, that it is the people who are the masters of Congress and the courts, falls on deaf ears.
“Good intentions will always be pleaded for every assumption of authority. It is hardly too strong to say that the Constitution was made to guard the people against the dangers of good intentions. There are men in all ages who mean to govern well, but they mean to govern. They promise to be good masters, but they mean to be masters.”
~Daniel Webster – (1782-1852), US Senator
Just like China, North Korea, Islamic nations, and India as well, Obama would bring in the legislation to police and censor the web, for these are essential tactics for ‘staying in power’
We stand in awe of emperor obi-i-won as he readies his “executive order” generator. It’s good to be the king (emperor).
I am reminded of one meeting between private sector engineers, my guys, and federal regulators, perhaps twenty people sitting around a conference table, focusing on a very technical topic. I started the meeting by outlining the topic, the options, and then my suggestion: we would jointly select the most technically quantified experts, from government, private industry, and academia, let them discuss things for a day, or so, alone, then reassemble and listen to them.
You would have thought I had declared World War III. I did not realize the central issue was power. Who held the whip?
This, and a zillion other reasons is why electricity costs so much. The same process goes on in all technical areas.
It is a shame that the US government is making a play for our networks like China or Iran does in their countries. NEVER give the government the kill switch, ever.
Why can’t the government ever come up with some recommendations, especially for Nuke Power, major power grid control centers, top secret installations and their contractors etc., and call it a day?
Does every bill have to create 2-10 new “agencies” to write rules? Consist of thousands of pages and be nearly unreadable, etc.?
When it comes to free flow of speech and ideas the government should never have the whip!
Any chance Congress can just draft an order of its own placing Obama under arrest and deporting him back to Kenya? Future generations will be grateful…..
Read Tom Clancy’s Threat Vector and try not to panic. I know that those that favor security over freedom will have neither, but holy cr*p is that book scary regarding the Chicoms and cybersecurity.
What I don’t trust is the hidden unConstitutional fine print that will be buried in the executive order. Apparently unrelated things snuck in. Call me paranoid, call me crazy, but post-election Obama Unleashed is itching to make in-roads into controlling the Internet and conservative news websites. I trust nothing he does, and I sense censorship brewing any time Owebama and the Internet are mentioned in the same sentence. He’s already taking shots at Fox, and that 60 Minutes love fest with Hillary was vomitous. If we aren’t careful, soon that is all the news we peasants will be able to see concerning our Dear Leader.
And Congress will do nothing to stop legislation by EO. The Left will cheer him on and the media will sing praise as a good cult follower should.
Corbettreport Calling Out The Hypocritical, War-Loving Left
http://www.youtube.com/watch?v=A3_hFYucgYY
This is getting ridiculous. Executive orders serve the purpose of directing the executive branch to carry out existing law in a specific way — they do not in any way make new law. A president who makes new law through executive order is a president who has committed a high crime against the constitution. Why does everyone keep pretending the won is able to make his own laws? You or I could pronounce our own laws with as much legal credibility as his have. Hello…congress? What will it take for you to take action against this man – does he have to start picking you off one by one?