President Obama Friday laid out his strategy to secure U.S. computer networks, creating another White House czar and linking cyber security to the broader priority of restoring the nation’s prosperity that has dominated his administration’s first months.
“America’s economic prosperity in the 21st century will depend on cyber security,” Mr. Obama said.
In keeping with a pledge he made during last year’s campaign - during which, he acknowledged, his own Web site was hacked - he said the issue would be a top priority for his administration.
He said he would name a “cyber-security coordinator” to manage U.S. policy across all departments of government. While he did not announce his selection, Mr. Obama singled out the official who led the cyber-security review, Melissa Hathaway, for particular praise, noting that the review had been “open and transparent.”
By making the new czar a member of both the National Economic Council and the National Security Council, the president signaled his determination to treat cyber security as an economic imperative as well as a security priority.
“From now on, our digital infrastructure - the networks and computers we depend on every day - will be treated as they should be: as a strategic national asset,” Mr. Obama said. “We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect and defend against attacks and recover quickly from any disruptions or damage.”
Paul Kurtz, a cyber-security official in both the George W. Bush and Bill Clinton White Houses, said this declaration was the key news in the president’s speech.
“These are assets that are vital to our economic well-being as well as to our national security,” he told The Washington Times.
He defended the decision to give the cyber czar a dual reporting chain through both the deputy national security adviser for homeland security, John Brennan, and top economic aide Lawrence H. Summers, pointing out that cyber-security issues quickly become economic ones.
“You very quickly get to the question of whether or not to regulate to improve cyber security,” Mr. Kurtz said. “It is very appropriate that the [National Economic Council] be involved.”
The president addressed that issue directly, pledging not to impose new regulations but to work with the private sector, which owns and manages the Internet and most other digital infrastructure.
“My administration will not dictate security standards for private companies,” he said. “On the contrary, we will collaborate with industry to find technology solutions.”
He also promised to defend these networks without infringing on Americans’ rights and to create a special privacy and civil liberties officer inside the new czar’s office.
“Our pursuit of cyber security will not, I repeat, will not include monitoring private sector networks or Internet traffic,” he said. “I remain firmly committed to net neutrality so we can keep the Internet as it should be - open and free.”
The announcement was welcomed by private sector executives and by some privacy and transparency advocates, but got a mixed reception on Capitol Hill.
Ann Beauchesne, of the U.S. Chamber of Commerce, said business “welcomes the administration’s efforts to turn a campaign promise into action.”
Center for Democracy and Technology President Leslie Harris said it was clear the White House was “committed to building privacy into these …policy recommendations from the beginning of the process.”
Gary Elliott, chief information security officer with the California-based Adaptive Cyber Security Instruments Inc., said he agreed with the president’s effort to centralize the management of cyber-security threats.
“It is also important to unify all aspects of American security, including the private sector, to combat the security threat,” he said.
Political reaction on Capitol Hill was more measured, with several lawmakers saying they needed to see the fine print and a key Republican, Sen. Susan Collins of Maine, saying the appointment of “yet another” White House czar would do little to resolve bureaucratic turf battles.
“The details will prove to be very important,” said House Intelligence Committee Chairman Rep. Silvestre Reyes, a Democrat from Texas, promising to “carefully scrutinize” the policy.
While Mr. Obama did not address the issue of legislation in his remarks, the detailed review document the White House published Friday noted several areas where existing U.S. law might need to be changed, including legislation governing security and authorities over the federal government’s own networks.
Lawmakers in the House and Senate are weighing more than half a dozen cyber-security bills at various stages of development. Some legislation addresses the issue of who should be in charge of U.S. policy. The current lead agency on the issue in most instances is the Department of Homeland Security, although many believe it lacks the authority to match those responsibilities.
“I don’t think the appointment of yet another czar in the White House is the answer to this pressing and complex issue,” said Ms. Collins, the senior GOP member of the Senate homeland security committee, which is weighing legislation.
In remarks that presage tensions likely to emerge as lawmakers seek to flex their muscles on the issue, Ms. Collins said the move would “hinder Congress’ ability to effectively oversee federal cyber-security activities and will do little to resolve the bureaucratic conflicts, turf battles, and confusing lines of authority that have undermined past cyber-security efforts.”
Joseph Weber contributed to this report.