WASHINGTON (Reuters) - A day after U.S. President Barack Obama signed an executive order on ways to better defend against cyber attacks, administration officials told a packed audience of industry insiders that no government agency can tackle the threat alone.
The event on Wednesday at the U.S. Department of Commerce kicked off what is likely to be a lengthy new effort to upgrade U.S. defenses against cyber attacks. A previous effort stalled in Congress last year.
House Intelligence Committee Chairman Mike Rogers of Michigan reintroduced his cyber-security bill on Wednesday with a pledge there would be no schism with the White House over the issue. Obama threatened to veto the bill in 2012, citing lax safeguards for privacy and confidentiality.
The promises of collaboration echoed a rising urgency within the administration, along with many in private industry, who warn that the United States is increasingly vulnerable to a crippling cyber attack.
Relentless efforts to hack the country’s banks, power grid and other critical infrastructure, paired with instances of disruptive attacks abroad, pose a national security threat, experts warn.
The U.S. Federal Reserve is the latest institution to have its computer systems breached by hackers, an incident now the subject of a criminal probe by the FBI.
“Dangerous capabilities are out there, the bad people are out there and all that has to happen is someone decides they’re finally going to step over the threshold and really cross the line of damage,” Michael Chertoff, former secretary of homeland security, said on the sidelines of Wednesday’s event.
The issue jumped to national prominence on Tuesday when Obama unveiled his executive order in the State of the Union address. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” Obama said.
The order, which does not have the same power as law, seeks to make it easier for the government to warn private companies of cyber threats and to set up a system of voluntary cyber-security standards.
‘WE WILL NEED YOUR HELP’
Industry experts viewed the order as a good step after last year’s failed attempts to pass a cyber law, but some noted its lack of teeth in enforcing actual change.
The administration hopes that private companies will help write and adopt the standards and perhaps voluntarily share cyber-threat information among themselves.
“The bottom line is that we will need your help in making this (executive order) work,” Michael Daniel, White House cybersecurity coordinator, told the crowd gathered to hear details of the order. “Cyber security must be a shared collective endeavor.”
Often-antagonistic government agencies, including the departments of Homeland Security, Justice and Commerce, pledged close cooperation.
“That’s the first time that’s ever happened. ... That was very powerful to me,” said Mary Ellen Callahan, a former chief privacy officer at the Department of Homeland Security and now a lawyer at Jenner & Block in Washington.
Implementation could be another matter.
The order’s call for cyber-security standards still rubs some lawmakers and industry players - in particular the powerful business lobby the U.S. Chamber of Commerce - the wrong way. They worry that what starts off as a process of compiling voluntary standards would turn into mandatory regulations.
The White House and cyber community repeated the pleas for passage of a comprehensive bill in Congress to complement the executive order that would, among other things, give companies liability protection.
Editing by Ros Krasny and Peter Cooney