Saturday, February 16, 2013

Obama gives Companies Cyberthreat Info

Obama Order Gives Firms Cyberthreat Information

New York Times-Feb 12, 2013
WASHINGTON — President Obama signed an executive order on Tuesday that promotes increased information sharing about cyberthreats ...
Obama Orders Cybersecurity Standards for Infrastructure
Bloomberg-Feb 12, 2013
 

Obama Order Gives Firms Cyberthreat Information

  • Facebook
  • Twitter
  • Google+
  • Save
  • E-mail
  • Share
  • Print
  • Reprints
WASHINGTON — President Obama signed an executive order on Tuesday that promotes increased information sharing about cyberthreats between the government and private companies that oversee the country’s critical infrastructure, offering a weakened alternative to legislation the administration had hoped Congress would pass last year.
Drew Angerer for The New York Times
An agent at work last month at the National Cybersecurity and Communications Integration Center in Arlington, Va. The center is an arm of the Homeland Security Department.
The order will allow companies that oversee infrastructure like dams, electrical grids and financial institutions to join an experimental program that has provided government contractors with real-time reports about cyberthreats.
It will also put together recommendations that companies should follow to prevent attacks, and it will more clearly define the responsibilities for different parts of the government that play a role in cybersecurity.
“Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Mr. Obama said in his State of the Union address. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
But the measures considered most important by cybersecurity experts — like minimum requirements for how crucial infrastructure should be protected — were not included in the order because they require Congressional approval. They say the equipment used by companies overseeing the nation’s critical infrastructure is notoriously outdated and insecure because it was not built with the potential for a serious cyberattack in mind.
“The executive order is about information sharing — it does not even begin to address the real problem, which is that these systems are completely insecure,” said Dale Peterson, the founder of Digital Bond, a security firm that focuses on infrastructure.
He added: “I’m amazed that 11 ½ years after 9/11, the government hasn’t even had the courage to say, ‘You need to replace this insecure equipment.’ If you get on these systems, they have no security and you can do whatever you want.”
One of the administration’s top national security priorities last year was to get Congress to pass legislation giving the Department of Homeland Security power to enforce minimum standards for the security standards of equipment running critical infrastructure.
As part of the administration’s efforts to persuade members of Congress about the severity of the problem, several senior administration officials — including Janet Napolitano, the secretary of homeland security; Robert S. Mueller III, the director of the Federal Bureau of Investigation; and Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff — provided closed-door briefings to members of Congress on the threat.
But Senate Republicans, led by John McCain of Arizona, argued that the minimum standards were too burdensome for businesses, and by late July had managed to change the legislation to make them optional. In early August, the bill essentially died when it was blocked by a Republican filibuster. Senior administration officials have said they will attempt to get Congress to pass similar cybersecurity legislation this year.
Hackers are increasingly exploiting the lack of security to gain access to the nation’s most critical infrastructure.
According to a December report by the Department of Homeland Security, the agency has been responding to intrusions into oil pipelines and electric power organizations “at an alarming rate.” Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of reported attacks in 2012.
Several were successful. According to an earlier Department of Homeland Security report, hackers breached the computer systems of several natural gas pipelines last year and stole data that “could facilitate remote unauthorized operations.”
Michael S. Schmidt reported from Washington, and Nicole Perlroth from San Francisco.
  end quote from:

Obama Order Gives Firms Cyberthreat Information

New York Times-Feb 12, 2013
WASHINGTON — President Obama signed an executive order on Tuesday that promotes increased information sharing about cyberthreats ...

No comments: