Government officials made a push today for the private sector to join a coordinated effort to protect the nation’s businesses and critical infrastructure from cyber attacks.
In the morning, administration officials, including the Justice Department’s No. 2 leader, held a briefing in a packed auditorium at the Commerce Department in Washington, D.C., explaining a new executive order on cyber security issued yesterday by President Barack Obama.
In the afternoon, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), the bipartisan leadership of the House Permanent Select Committee on Intelligence, discussed their reintroduced legislation to allow the government to pass classified information to the private sector to protect companies against hackers and other intrusions in information systems.
Both events followed yesterday’s State of the Union address, in which Obama the dangers of sophisticated, malicious hackers extends beyond theft of email or corporate secrets. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Obama said. ”We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
A long line of lobbyists and others trying to enter the Commerce Department briefing this morning underscored the high stakes and broad implications of the administration’s call for a united effort against hackers. “This is the place to be this morning,” chuckled Deputy Commerce Secretary Rebecca Blank, one of the administration’s point people on cyber security.
Gen. Keith Alexander, commander of the U.S. Cyber Command at the National Security Agency, stressed the need for public-private cooperation. ”The government can’t do it by itself. We have to have government and industry working as a team,” he said. Without input from companies, the government is hampered by “blind spots” that “prevent us from knowing when we need to defend the nation,” Alexander said.
Jane Holl Lute, deputy secretary of the Department of Homeland Security, said that while Congressional action ultimately is needed, Obama’s executive order will expand opportunities to share classified information now. The order also sets up a voluntary program for companies to adopt a new framework for dealing with threats. For example, the Department of Energy is already speaking with electricity providers about hardening systems against attack, she said.
Deputy Attorney General Jim Cole said the executive order expands the Enhanced Cybersecurity Services initiative, a voluntary program to share classified information on threats with security-cleared employees of the private sector owners of utilities and other critical infrastructure. The order also requires the Department of Justice, DHS and the Office of the Director of National Intelligence to declassify relevant reports and “establish a process for rapidly notifying” U.S.-targeted entities of cyber threats, he said.
“How will we ensure that information received and disseminated under the Executive Order is protected consistent with our commitment to protect privacy and civil liberties?” Cole asked. “We will do so by ensuring that our cyber security activities are conducted in a transparent manner with the guidance and oversight of officials trained to safeguard privacy and civil liberties.”
At the Center for International Studies, a think tank in Washington, lawmakers Rogers and Ruppersberger participated in a discussion about their proposed Cyber Intelligence and Sharing Protection Act (H.R. 624). They introduced the bill today, and it is identical to the Cyber Intelligence Sharing and Protection Act (H.R. 3523) which the House approved on a bipartisan vote of 248-168 in April 2012, according to Rogers.
On cyber security, “[M]ost people in this country don’t have a clue about where we are and where the threats are,” said Ruppersberger, the Maryland Democrat.
Ruppersberger defended the need for the legislation in the face of criticism about its civil liberties implications.
“The bill does not authorize the government to monitor your computer, read your email or Facebook posts or your tweets,” he said. “We’re not here to promote litigation.”
But he added: “The threats are so serious that we have to deal with these threats.