Obama Order Gives Firms Cyberthreat Information
New York Times-Feb 12, 2013
WASHINGTON — President Obama signed an executive order on Tuesday that promotes increased information sharing about cyberthreats ...
|
Obama Orders Cybersecurity Standards for Infrastructure
end quote from:
Obama Order Gives Firms Cyberthreat Information
By MICHAEL S. SCHMIDT and NICOLE PERLROTH
Published: February 12, 2013
WASHINGTON — President Obama
signed an executive order on Tuesday that promotes increased
information sharing about cyberthreats between the government and
private companies that oversee the country’s critical infrastructure,
offering a weakened alternative to legislation the administration had
hoped Congress would pass last year.
Drew Angerer for The New York Times
An agent at work last month at the National
Cybersecurity and Communications Integration Center in Arlington, Va.
The center is an arm of the Homeland Security Department.
Related
-
Obama Pledges Push to Lift Economy for Middle Class (February 13, 2013)
-
Text: Obama’s 2013 State of the Union Address (February 13, 2013)
The order will allow companies that oversee infrastructure like dams,
electrical grids and financial institutions to join an experimental
program that has provided government contractors with real-time reports
about cyberthreats.
It will also put together recommendations that companies should follow
to prevent attacks, and it will more clearly define the responsibilities
for different parts of the government that play a role in
cybersecurity.
“Now our enemies are also seeking the ability to sabotage our power
grid, our financial institutions, and our air traffic control systems,”
Mr. Obama said in his State of the Union address.
“We cannot look back years from now and wonder why we did nothing in
the face of real threats to our security and our economy.”
But the measures considered most important by cybersecurity experts —
like minimum requirements for how crucial infrastructure should be
protected — were not included in the order because they require
Congressional approval. They say the equipment used by companies
overseeing the nation’s critical infrastructure is notoriously outdated
and insecure because it was not built with the potential for a serious
cyberattack in mind.
“The executive order is about information sharing — it does not even
begin to address the real problem, which is that these systems are
completely insecure,” said Dale Peterson, the founder of Digital Bond, a security firm that focuses on infrastructure.
He added: “I’m amazed that 11 ½ years after 9/11, the government hasn’t
even had the courage to say, ‘You need to replace this insecure
equipment.’ If you get on these systems, they have no security and you
can do whatever you want.”
One of the administration’s top national security priorities last year was to get Congress to pass legislation giving the Department of Homeland Security power to enforce minimum standards for the security standards of equipment running critical infrastructure.
As part of the administration’s efforts to persuade members of Congress
about the severity of the problem, several senior administration
officials — including Janet Napolitano, the secretary of homeland
security; Robert S. Mueller III, the director of the Federal Bureau of
Investigation; and Gen. Martin E. Dempsey, the chairman of the Joint
Chiefs of Staff — provided closed-door briefings to members of Congress
on the threat.
But Senate Republicans, led by John McCain of Arizona, argued that the
minimum standards were too burdensome for businesses, and by late July
had managed to change the legislation to make them optional. In early
August, the bill essentially died when it was blocked by a Republican filibuster.
Senior administration officials have said they will attempt to get
Congress to pass similar cybersecurity legislation this year.
Hackers are increasingly exploiting the lack of security to gain access to the nation’s most critical infrastructure.
According to a December report by the Department of Homeland Security, the agency has been responding to intrusions into oil
pipelines and electric power organizations “at an alarming rate.” Some
198 attacks on the nation’s critical infrastructure systems were
reported to the agency last year, a 52 percent increase from the number
of reported attacks in 2012.
Several were successful. According to an earlier Department of Homeland
Security report, hackers breached the computer systems of several
natural gas pipelines last year and stole data that “could facilitate
remote unauthorized operations.”
Obama Order Gives Firms Cyberthreat Information
New York Times-Feb 12, 2013
WASHINGTON — President Obama signed an executive order on Tuesday that promotes increased information sharing about cyberthreats ...
|
No comments:
Post a Comment