Warning that American companies are the target of an intensive cyber-espionage campaign, President Barack Obama's top security officials on Wednesday said they are struggling to defend the nation from attacks on its private computer networks and called on Congress to pass legislation that would close
Obama signed an executive order earlier this week that relies heavily on participation from U.S. industry in creating new voluntary standards for protecting information. The order also expands the government's effort to share threat data with companies.
But lawmakers and cyber experts say that Obama's directive is missing what U.S. businesses need most: legal protection so they don't get sued if they acknowledge they've been hacked or share threat data with competitors. That can only come from Congress, which hasn't been able to agree on how to protect businesses and consumers alike.
"The government is often unaware of malicious activity targeting our critical infrastructure," said Gen. Keith Alexander, head of the National Security Agency and U.S. Cyber Command.
In Obama's speech Tuesday, he said America's enemies are "seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
Largely symbolic, the plan leaves several practical questions unanswered: Should a business be required to tell the government if it has been hacked and U.S. interests are at stake? Can a person sue her bank or water treatment facility if those companies don't take reasonable steps to protect her? If a private company's systems are breached, should the government swoop in to stop the attacks - and pick up the tab?
Under the president's new order, the National Institute of Standards and Technology has a year to finalize a package of voluntary standards and procedures that will help companies address their cybersecurity risks. The package must include flexible, performance-based and cost-effective steps that critical infrastructure companies can take to identify the risks to their networks and systems and ways they can manage those risks.