Obama may issue order on defense against cyber attacks on Wednesday : sources

WASHINGTON Tue Feb 12, 2013 1:25pm EST

U.S. President Barack Obama walks through the colonnade of the White House in Washington February 12, 2013. REUTERS/Yuri Gripas

U.S. President Barack Obama walks through the colonnade of the White House in Washington February 12, 2013.

Credit: Reuters/Yuri Gripas

WASHINGTON (Reuters) - U.S. President Barack Obama plans to release a long-awaited executive order aimed at improving the nation's defenses against cyber attacks as early as Wednesday, according to sources familiar with the matter.

The order, drawn up after Congress failed to pass cyber defense legislation last year, is meant to improve the protection of critical industries and infrastructure from cyber intrusions.

Concerns about cyber attacks, which have hit a succession of major U.S. companies and government agencies in recent months, also could be raised by Obama in his annual State of the Union address to Congress on Tuesday evening.

One of the White House's major goals is to improve information-sharing about attacks among private companies, and between companies and the government.

"Our biggest issue right now is getting the private sector to a comfort level so they can report anomalies, malware, incidents within their network" without undue fear of being "outed" as victims, said FBI Executive Assistant Director Richard McFeely, head of the Criminal, Cyber, Response and Services Branch.

The order is expected to give the Department of Homeland Security (DHS) the lead role in protecting critical U.S. infrastructure, according to a government official who had seen a final draft of the order's executive summary.

DHS will be tasked with setting up a system for sharing cyber threats with private industry and be responsible for protecting critical infrastructure, the official said. Most of the critical U.S. infrastructure is run by private industry.

"We know the executive order isn't going to go as far as legislation could or will go, but it's a good start," the official said.

Some Republicans had wanted the Department of Defense to play the lead role instead of DHS.

Cyber security experts say the executive order - which does not have the same force as a law - is a step in the right direction and indicates Obama takes the problem seriously.

"I think this can fairly be described as a down payment on legislation," said Stewart Baker, former National Security Agency general counsel and a past assistant secretary for policy at the Department of Homeland Security.

Stewart said he thought the executive order would make a difference in policy and practical terms "but whether it will provide practical protection from cyber attacks is still in doubt."

The executive order will make it easier for people at private companies to get security clearances so classified information can be shared, according to earlier drafts that were leaked and posted online.

It will also make companies work with the National Institute of Standards and Technology to come up with sector-specific standards for cyber security and will then require companies to engage with their regulators to decide how those standards are implemented.

"Companies aren't going to, at first, be required to do anything. These are voluntary standards, except for a few critical infrastructure companies," said James Lewis, senior fellow at the Center for Strategic and International Studies.

"If you're regulated, the regulator will be able to say, 'Here are some new standards.' If you're not regulated you won't be touched at all."

(Reporting By Steve Holland, Deborah Charles and Joseph Menn. Writing by Warren Strobel; Editing by Cynthia Osterman and Todd Eastham)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (3)
minreprt wrote:
An0nymous must have really shook them up!

Feb 11, 2013 11:18pm EST  --  Report as abuse
Question is, are the banks willing to say they are hacked? or data compromised? NO! that would spook the markets. And how will they trace the hackers since they have mutating IP’s. We are very quick to lead the way in state sponsored hacking like Stuxnet and Duquu, what if the shoe is on the other foot?
The hackers are bunch of cyber warriors acting on their own and wide spread globally, this is just the beginning of something we did not bargain for, the loss of internet innocence.

Feb 11, 2013 11:25pm EST  --  Report as abuse
P-Hil wrote:
DOJ website gets hacked.
For a week.
Obama wants to use “executive orders” to let DHS handle cyber security, not just for government, but in private sector now.
DHS can’t even protect DOJ.
This is an obvious win for the American people.
/sarcasm

Feb 12, 2013 6:54pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.