What Does Obama’s Executive Order On Cybersecurity Mean?
In last night’s State of the Union Address, President Obama called for… well, a lot of things. It’s the State of The Union, it covers a lot of ground. One item high on the agenda, though, was improving cybersecurity around the nation. It was a timely concern, considering that Anonymous members were threatening to disrupt the online broadcast of the President’s speech, a threat they failed to follow through on. Before he took the stage though, Obama had already signed an executive order in the hopes of strengthening America’s infrastructure — things like power grids and air traffic control systems — against cyber attacks. While well meaning, though, the order is largely toothless.
The order, which Obama signed yesterday morning and was released as his speech began, means that the government will form a new set of cybersecurity standards to protect critical pieces of American infrastructure that can be vulnerable to cyber attacks — power plants, for example. What it doesn’t mean is that any of the industries covered by the order will actually have to meet the completely voluntary standards, at least for now. So while this may be an according to Hoyle executive order, in practice it’s more like an executive strongly worded suggestion.
While it’s a nice thought and a good start, that’s not enough. Legislation that would implement more stringent, mandatory security regulations on critical infrastructure died in the Senate last year, with opponents arguing that new regulations would cost too much for companies to implement. Because clearly, the right call here is to wait until those pieces of infrastructure have actually been damaged by hackers to react to it, rather than ask a company that supplies necessary basic services like power to accept a new cost of doing business as their industry changes. After all, if executives put their heads in the sand on security issues, they don’t have to pay for more IT guys, and then there’s more money leftover to give themselves bonuses at the end of the year. This, of course, is exactly how bonuses should work.
Infrastructure isn’t the only arena where the administration is making cybersecurity a priority, though. The Pentagon recently acknowledged plans to grow its cybersecurity division from 900 to 4900 personell in the next five years. That move, brought about by the Cyber Command arm of the Defense Department, is key to one of the other points the President made in his speech — the necessity for America’s cybersecurity strategy to be not just defensive and reactionary, but capable of fighting what amounts to a shooting war on the Internet.