President Obama released Thursday his long-awaited proposal to protect the nation’s computer networks from cyber-attacks, after more than two years of planning.
The plan would rely heavily on industry to devise its own set of standards, giving the Department of Homeland Security an oversight role but no authority to impose fines. And some parts of the proposal are still being worked out: For example, the definition of which industries qualify as “critical infrastructure” is still under discussion.
A technology expert said Mr. Obama’s proposal is remarkable for what’s not included - authority for the president or the Department of Homeland Security to order a company to shut down its operations when under cyber-attack.
“The president himself may have killed the Internet ’kill switch’ idea,” said Gregory Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy and Technology.
A senior White House official said the administration thinks the president has sufficient authority now to act in a cyber-emergency.
Stewart Baker, a former assistant secretary at DHS under President George W. Bush, panned the proposal as “weak tea.”
“The tea bag doesn’t seem to have actually touched the water,” he said. “The privacy and business groups that don’t want us to do anything serious about the cybersecurity crisis have captured yet another White House.
“At a time when foreign governments and criminals don’t just collect information on Americans, but have the ability to turn on the cameras and microphones in our homes while recording our keystrokes, the administration’s proposal shows no sense of urgency.”
National security officials have warned for years that the nation is too vulnerable to cyber-attacks that could cripple electrical grids, government operations and financial markets. Intelligence and military chiefs have grown increasingly worried about cyberspies from China and Russia infiltrating military computer systems.
But a comprehensive solution has been elusive, and the administration has had internal setbacks along the way. The president outlined his plans in a speech in May 2009, but his acting cybersecurity “czar” soon resigned and the post went unfilled for several months. Mr. Obama finally named former Bush administration adviser Howard Schmidt as cybersecurity coordinator in December 2009.
The formulation of a plan also raises privacy concerns, with consumers and libertarians wary that personal information could be revealed as government agencies share information on security procedures.
With various congressional committees claiming jurisdiction of the issue, a final bill is still months away.
In a joint statement, Senate Homeland Security and Governmental Affairs Committee members Joe Lieberman, Connecticut independent; Thomas R. Carper, Delaware Democrat; and Susan M. Collins, Maine Republican, said the president’s proposal is a “welcome and necessary addition to the work we have been doing for the past several years.”
Alan Paller, director of research at SANS Institute, a cybersecurity training organization, called the administration’s plan a “catalyst.”
“Many people will have to act to make it effective,” he said.
Please read our comment policy before commenting.