The president reportedly plans to issue an executive order to protect the nation's critical systems from cyber attacks, and Republicans are not happy
Here's a campaign promise we didn't hear much during the 2012 presidential election: President Obama will keep hackers out of America's water supply. It seems like something from the latest 007 movie — but the Obama administration is taking the threat seriously. He proclaimed October National Cyber Security Awareness month, beefed up the military's cybersecurity defenses in a secret directive, and supported (failed) legislation that would have protected the nation's infrastructure from hackers. Now, the president is expected to issue an executive order to accomplish that latter goal, a move that is drawing criticism from House and Senate Republicans. Here's what you need to know:
1. It's about defense, not offense
The order aims to protect U.S. infrastructure, which is increasingly connected to the internet. Hypothetically, a hacker could use the web to poison a local water supply, or even turn off New York City's electricity.
Joel Brenner, former senior counsel at the National Security Agency, told PBS NewsHour that the threat is real: "A number of people in the intelligence business have seen the Iranian, the Chinese, and the Russians inside of some of our critical systems."
If you think utility companies are proactively stopping these attacks without government prodding, think again: "These companies aren't even investing for reliable power," says Richard Bejtlich, the chief security officer at Mandiant. "Security is just way outside their realm of concern."
2. The Department of Defense supports it
There's plenty that President Obama and Defense Secretary Leon Panetta don't agree upon — like across-the-board defense cuts — but they're on the same page when it comes to cybersecurity. Panetta, who supported the same failed legislation as Obama, said last month that "a cyber attack perpetrated by nation states or violent extremists groups could be as destructive as the terrorist attack on 9/11... [it] could virtually paralyze the nation."
3. It's not SOPA
Remember when you couldn't get on Wikipedia for 24 hours (and high-school students couldn't write their papers)? It was part of a widespread protest against the Stop Online Piracy Act (SOPA). The bill, which was designed to protect online intellectual property, drew opposition from companies who claimed it would clamp down on free speech.
Some conservatives are trying to draw parallels between Obama's cybersecurity order and SOPA, but that's not accurate. SOPA dealt with intellectual property, while the order would focus on utility companies.
4. The order's information-sharing makes people nervous
The Obama administration will likely ask companies to participate in a voluntary program where they have to meet certain cybersecurity standards. But the government may also start providing incentives for companies who participate, like giving them preference in federal contracts. This kind of semi-mandated information-sharing makes good government experts uncomfortable.
"Any action by any occupant of the White House on an executive order that mandates the collection of data across federal agencies worries me," ACLU Executive Director Anthony Romero told the Los Angeles Times. "We've had President Bush, and when you use executive order powers for good reasons, you'll find them used and turned right on us."
Mark Jaycox, a policy analyst at the Electronic Frontier Foundation, agrees that "information-sharing is a slippery slope."
5. Obama won't wait for legislation
Republicans are criticizing the idea of an executive order because they're against unilateral oversight of the internet. But Obama already tried the legislative route, and is now likely to move ahead with the order regardless.
"The current prospects for a comprehensive bill are limited and the risk is too great for the administration not to act," says Caitlin Hayden, a spokeswoman for the Obama administration. "The president is determined to protect our nation against cyber threats."
Other stories from this topic:
- Best Column: Why it's time to kill the online password
- The List: The 25 worst passwords of 2012
- Burning Question: Could hackers use pacemakers to commit mass murder?