Update on August 2 - Senate blocks Cybersecurity Act

U.S. President Barack Obama on Thursday decided to write about hackers in an opinion editorial titled "Taking the Cyberattack Threat Seriously" which originally appeared on the official website for the White House and then subsequently published on the WSJ. This is huge.

You see, this isn't a defense expert talking about how the U.S. should hire more hackers , a cybersecurity advisor saying China has hacked every major U.S. company, or even the FBI saying the U.S. losing the hacker war. This is the president of the United States of America outlining his thoughts on the threat of a cyber attack against the world's most powerful country.

First Obama introduced the topic by discussing an experiment his administration ran to see the potential damage a cyber attack could inflict, without actually saying it was a test. Then he got more serious:

Fortunately, last month's scenario was just a simulation—an exercise to test how well federal, state and local governments and the private sector can work together in a crisis. But it was a sobering reminder that the cyber threat to our nation is one of the most serious economic and national security challenges we face. So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day.

Obama went on to list a few worst-case scenarios:

It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill. This is the future we have to avoid. That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses. It's why Congress must pass comprehensive cybersecurity legislation.

You might be wondering what legislation he's talking about. Obama is calling on Congress to pass a revised cyber security bill, introduced in the Senate on Thursday, to protect critical computing infrastructure from hackers. Expect to hear about it increasingly in the coming weeks.

The Cybersecurity Act of 2012 (PDF), first introduced in February 2012, set cyber security standards for critical infrastructure, and gave legal immunity to companies who would meet them. The new law would require the Department of Homeland Security to assess risks and vulnerabilities of computer systems running at critical infrastructure sites.

Security experts worry private companies won't make upgrades to protect their computer networks without enforceable regulations, but business lobbyists argued regulations would harm many firms. As such, the Thursday bill includes amendments that narrow the definition of what information about cyber threats can be shared between companies and the government. It also says companies will share cybersecurity information mainly with civilian agencies, as opposed to with military groups.

Obama concluded:

Today we can see the cyber threat to the networks upon which so much of our modern American lives depend. We have the opportunity—and the responsibility—to take action now and stay a step ahead of our adversaries. For the sake of our national and economic security, I urge the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law. It's time to strengthen our defenses against this growing danger.

Look out for what my colleague David Gerwitz will have to say come Monday as he's planning to discuss this topic in further depth. In the meantime, I encourage you read the full Op-ed by President Obama.

Update on July 23 - How cybersecurity is like Star Trek's transporter

Update on August 2 - Senate blocks Cybersecurity Act

See also: