Warning that cyberattacks pose a danger to US security, President Barack Obama signed an executive order designed to better protect critical infrastructure from computer hackers.
Obama, in his annual State of the Union speech to a joint session of the US Congress, said the United States is facing a “rapidly growing threat from cyber-attacks.”
“We know hackers steal people’s identities and infiltrate private email,” he said. “We know foreign countries and companies swipe our corporate secrets.
“Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Obama said.
“We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
Obama said his executive order would “strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.”
The president also urged Congress to pass legislation “to give our government a greater capacity to secure our networks and deter attacks.”
The executive order calls for voluntary reporting of threats to US infrastructure such as power grids, pipelines and water systems.
The directive, which follows two failed attempts in Congress to pass cybersecurity legislation, allows the government to lead an information-sharing network but stops short of making mandatory the reporting of cyber threats.
A senior administration official said the order does not preclude the need for legislation but gets a cybersecurity program started that can encourage sharing information that may be confidential or classified.
The order allows for “sharing of classified information in a way that protects that classified information but enables the broader use of it to protect our critical infrastructure,” the official said.
The White House move came despite criticism from some lawmakers that an executive order bypasses the legislative process.
White House officials pointed out that the measure would not apply to consumer-based services or information systems which do not meet the standard of “critical infrastructure.”
“It’s about protecting the systems and assets where an attack could have a debilitating impact on our national security,” one official said.
The officials sought to quell concerns the measure could lead to increased surveillance of citizens, and said it requires federal agencies “to carry out these tasks in a way that protects privacy and civil liberties.”
Legislation has stalled on cybersecurity amid opposition from a coalition of civil libertarians who fear it could allow too much government snooping and conservatives who said it would create a new bureaucracy.
US military officials have argued that legislation is needed to protect infrastructure critical to national defense, including power grids, water systems and industries ranging from transportation to communications.
Analyists at the National Cybersecurity & Communications Integration Center in Arlington, VA, September 24, 2010. Warning that cyberattacks pose a danger to US security, President Barack Obama signed an executive order designed to better protect critical infrastructure from computer hackers.