White House prepares computer security order

Posted on October 24, 2012


October 20, 2012
It is not known when he will sign the order
WASHINGTON – A new provision would force the White House to spy agencies in the United States share the latest intelligence on cyber threats with businesses operating power grids, water plants, railways and other vital infrastructure, to protect against attacks.

The Executive Order, a copy of which was obtained by The Associated Press, has seven pages and not over drafted. This measure takes shape at a time when the administration of President Barack Obama expresses a growing concern that Iran could be the first country to commit a terrorist cyber attack against the United States.

The military has warned it will retaliate if the United States is the target of cyber weapons, said the defense secretary, Leon Panetta. But the United States is ill-prepared to prevent an attack of this nature, which could damage or disable critical services that are part of everyday life.

The White House refused to report when the president signed the order.

The draft would put the Department of Homeland Security in charge of organizing a network of data sharing, which quickly circulated edited summaries of intelligence reports, about known threats that identifies a specific target.

With these caveats, the owners and operators of critical U.S. companies would be better equipped to prevent potential attackers access to their computer systems.

An organized and comprehensive strategy to share information the government collects on computer threats is considered essential for any U.S. plan that seeks to protect computer networks against enemy nations, terrorist organizations and hackers. Existing efforts to share information only now focus on specific industries, such as finance, and have had differing levels of success.

But the order has led to expressions of rejection of Republicans on Capitol Hill. She is considered a unilateral step that circumvents the legislative authority.

Obama administration officials said the order became necessary after Congress failed to pass in the middle of this year a computer security legislation, leaving them vulnerable to critical infrastructure companies face a growing and serious threat.

Contradictory initiatives were approved separately in the House of Representatives and Senate, including some provisions on data sharing.

Efforts to draft a final action in both chambers failed, to the concerns expressed by Republicans, the Senate proposal that expanded the government’s regulatory power and raise costs for businesses.

The White House has acknowledged that an order of the President, but is binding, not enough. We need a law to make other changes to improve the defenses of the country in the digital age. For example, an order of this nature can not provide protection to a company on the responsibilities that would result from a hacking attack against its systems.

The addition of provisions that include sharing information is the most significant change on an earlier draft of the order, which was conducted in late August. The new document, undated, preserves a section that requires the Department of Homeland Security to identify vital systems, to be targeted by a cyber attack, could “lead to an impact that undermines” national and economic security.

Other sections establish a program to encourage companies to adopt voluntary safety standards, and instruct federal agencies to determine whether the existing regulations on the subject is appropriate.

In the new draft includes guidelines for the Department to work with the Pentagon, the National Security Agency, the intelligence director and the Department of Justice to establish promptly the data sharing mechanism. Some employees in critical infrastructure companies would receive permission to obtain the information, the statement said.

Federal agencies would be required to assess whether the order involves some risks to privacy and civil liberties.

Posted in: Uncategorized