Obama issues cybersecurity order as Congress revives Cispa
- 13 February 2013
- From the section Technology
US officials have been ordered to draw up procedures to reduce the country's exposure to cybersecurity threats.
President Obama warned that the country's enemies were "seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems".
He added that Congress also needed to pass related laws.
The House Intelligence Committee has said it now planned to revive its cyber threat information-sharing bill.
The legislation - known as Cispa - had previously been attacked by privacy campaigners and the White House itself had threatened to veto the bill if passed in its original form.
The US president's executive order on Improving Critical Infrastructure Cybersecurity was issued in conjunction with his State of the Union address on Tuesday.
It instructs the National Institute of Standards and Technology (Nist) to work with the relevant government agencies and industry bodies to draw up standards and practices to combat cyber threats.
It also calls on officials to share both classified and unrestricted information about attacks with at-risk companies.
It adds that "strong privacy and civil liberties protections" should be incorporated into the new procedures.
President Obama told Congress the standards would "protect our national security, our jobs and our privacy".
But because the order does not amount to a new law it does not compel the private sector to take any action.
As a result, the president added that "Congress must act as well by passing legislation to give our government a greater capacity to secure our networks and deter attacks".
In response, the US Chamber of Commerce welcomed the emphasis on information sharing, but warned it would oppose any follow-up effort to impose new regulations on industry.
The American Civil Liberties Union (ACLU) also said it was "encouraged" by the order's wording - but has made clear it would oppose any effort to reintroduce the House Intelligence Committee's Cyber Intelligence Sharing and Protection Act (Cispa).
The proposed law would give permission to US companies to share cyber threat information with the government and others in the private sector. Firms would be offered "liability protection" if their conduct was later challenged.
Chairman Mike Rogers, a Republican, said: "This is clearly not a theoretical threat - the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear."
The committee's senior Democrat, Dutch Ruppersberger, added: "We need to do everything we can to enable American companies to defend themselves... our bill does just that by permitting the voluntary sharing of critical threat intelligence."
However, the ACLU warned that exactly what counted as a threat remained "undefined" and the law "would trample on decades of privacy law".
It has suggested that once data was handed over it might "also be used for purposes completely unrelated to cybersecurity".
The House of Representatives passed Cispa last April. IBM, Oracle, Microsoft and Facebook backed the bill, saying efforts would continue to address civil liberty concerns.
But the White House warned that the president might veto any resulting law unless it added "clear legal protections and independent oversight" to address privacy concerns.
However, the president later wrote an op-ed broadly supporting related legislation when it went before the Senate a few months later.
Despite this, the bill failed to clear the upper house after senators failed to agree on proposed amendments.
Congressmen Rogers and Ruppersberger now intend to reintroduce April's version of Cispa to the House next week.