- The Washington Times - Wednesday, February 13, 2013

Cybersecurity analysts on Wednesday criticized the Obama’s administration’s new plan to protect vital industries such as banking and energy from attacks by hackers, spies and foreign enemies.

Several analysts said that legislation is still needed to authorize federal agencies to regulate cybersecurity standards in the private sector, even after the presidential directive and executive order that Mr. Obama signed Tuesday.

Libertarians and business interests fretted about the possibility that the voluntary computer-security standards the orders promote might grow into a quasi-regulatory framework that stifles in red tape the companies that own critical industries.

“The danger is that this could easily grow into the centralized, bloated micromanagement of private-sector network security,” Julian Sanchez, a research fellow at the libertarian Cato Institute, told The Washington Times.


Mr. Sanchez said he is especially troubled that the orders give so much authority to the Department of Homeland Security to manage voluntary standards and public-private partnerships designed to protect U.S. industrial computer systems from attack via the Internet.

“The culture [at Homeland Security] does not seem to be one where employees are encouraged to recognize the limitations of their own expertise,” Mr. Sanchez said.

He noted that a congressional report last year found that Homeland Security officials continued to give glowing progress reports to lawmakers on the department’s nationwide network of counterterrorism “fusion centers” even when internal audits had revealed serious weaknesses in how they worked.

Rep. Mike Rogers, chairman of the House Permanent Select Committee on Intelligence, said Wednesday that Congress needs to “fill in the gaps” left by the president’s orders by providing legal protections for companies that cooperate with the government on cybersecurity.

“We are in a cyberwar already, and most Americans don’t know it,” the Michigan Republican said. “And at this point, we’re losing.”

Mr. Rogers said that hackers have attacked the websites of a growing number of U.S. banks since last fall, when Congress failed to pass any of several cybersecurity bills.

The attacks have not compromised bank accounts or financial data, but have prevented customers logging on for hours at a time and sometimes made online access difficult for several days.

The hackers, who announce their targets in advance online, call themselves “The Cutting Sword of Justice” and say they are Muslims outraged by a U.S.-made video that disparages Islam’s Prophet Muhammad.

But Mr. Rogers said Iran is behind the hacking, which he said looks like “probing” attacks that an enemy undertakes to test a nation’s defenses.

The president’s plan aims to provide more secret intelligence about cyberthreats, especially from spies and hackers, to the private sector, which owns more than 80 percent of the infrastructure vital to Americans’ everyday lives — from banking and telecommunications services to water systems, hospitals and transit networks.

“We know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets,” Mr. Obama said Tuesday in his State of the Union address. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems.”

Story Continues →