backtop


Print 39 comment(s) - last by MarthaGray22.. on Feb 17 at 9:30 PM

Order has been anticipated for some time now

President Barack Obama (D) has been widely criticized by conservatives for his use of executive orders to push the federal actions he wants when Congress is unwilling to go along with him.  The tactic isn't exactly new (FDR signed nearly 4,500 executive orders) and President Obama hasn't used it all that often (he's signed 144) [source].  But his critics contend his executive orders are more sweeping and loaded with action than past ones, so the small count is misleading.

I. Some Critics Say the Order Goes Too Far...

That criticism may be revived this week if President Obama drops his long-awaited cyberwarfare executive order.

Reuters spoke with government officials who had seen the order and said it is expected for a Wednesday drop.  The order is expected to expand the role the U.S. Department of Homeland Security (DHS) plays in policing the homeland online from both internal and external threats.
 
Obama speaking
President Obama wants to expand the federal gov't to "solve" the cybersecurity "crisis".
[Image Source: U.S. Aid]

 
The expansion of DHS authority alone is enough to make many a bit queasy.  Under President Bush, the new intelligence agency was a key point of controversy from his Democratic and third party critics.

Some Republicans even opposed the DHS under both Bush and Obama, although they're a drastic minority in Congress.  Perhaps most notable is Rep. Ron Paul (R-Texas) who has suggested that the Department of Homeland Security is poor in talent, offensive to civil liberties, and redundant, commenting [source]:

Before 9/11, we were spending $40 billion a year, and the FBI was producing numerous information about people being trained on airplanes, to fly them but not land them. And they totally ignored them. So it’s the inefficiency of the bureaucracy that is the problem. So, increasing this with the Department of Homeland Security and spending more money doesn’t absolve us of the problem. Yes, we have every right in the world to know something about intelligence gathering. But we have to have intelligent people interpreting this information.

But like it or not, Ron Paul and his supporters on the left and right may be unable to stop President Obama from pushing through the plan.

II. ...Others Complain It's Too Weak

One thing that will make it difficult to rally Congressional opposition to the order is that the order itself is actually relatively similar to the bills put forth by bipartisan committees in both the House and Senate last year.

In reality, most Congressional Democrats and Republicans agreed that some sort of increase in cyberdefense spending and more codified framework for public-private sharing of information on threats was necessary.  Both plans involved incorporating the DHS into those roles.  So on the surface at least the pending executive order does not sound all that different from what either the House or Senate had agreed upon.

Ultimately, neither bill passed last year, thanks largely to partisan bickering.  While the House bill and Senate bill were remarkably similar, the Republican controlled house insisted on its version being passed, while the Democratic controlled Senate demanded its bill be the final version.  Ultimately that gridlock sunk both bills, when a series of small changes would likely have been enough to reconcile the differences between the two bills.
 
Congress Buillding wide
Despite drafting nearly identical bills last year, the House and Senate were not able to reach agreement, due largely to partisan bickering. [Image Source: U.S. Congress]
 
The U.S. Federal Bureau of Investigation (FBI) is among the cyberdefense agencies frustrated by that bureaucratic train wreck.  But officials to acknowledge that it won't be easy convincing the private sector to trust federal security.

Comments FBI Executive Assistant Director Richard McFeely, head of the Criminal, Cyber, Response and Services Branch, "Our biggest issue right now is getting the private sector to a comfort level so they can report anomalies, malware, incidents within their network [without them fearing media leaks]."

Reportedly the information sharing portions of the order will be voluntary for most businesses.  

Indeed, despite the controversy over what the order does do, there's also some concern/criticism about how much it doesn't get done.  Comments one source to Reuters -- "We know the executive order isn't going to go as far as legislation could or will go, but it's a good start."

Stewart Baker, former National Security Agency (NSA) general counsel and a past assistant secretary for policy at the DHS comments, "I think this can fairly be described as a down payment on legislation.  [It should do something positive], but whether it will provide practical protection from cyber attacks is still in doubt."

Source: Reuters



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Don't get it
By NellyFromMA on 2/12/2013 4:29:43 PM , Rating: 2
While at first I am not for this executive order in its current standing, to answer your question...

I think the issue is that the private sector has been left to cover itself already and has failed miserably. The number of domestic-bound attacks / hacks in the passed 5 years alone is scary, nevermind how many of them took place in the last 2-3.

The private sector in many ways is too diverse to generalize as inept in this regard, and yet, the multitude of successful intrusions and the various markets these attacks penetrated is alarming at best. That is the problem.

The solution... not as easy to identify. Is it the public sectors responsibility to come swooping in to save the day here? Normally the thought causes me to cringe and naysay (with good reason most of the time). However, the stakes probably can't be larger in this scenario.

We have attacks we can only try to ID by attack surface, or style / signature that are occurring on national infrastructure, banking, defense... we beleive they are largely other nations but they could be other foreign entities (non-sovereign).

America can not act on what it thinks any longer, it must act on what it knows. Particularly since China's primary offense and defense is deception-based.

In light of this, the public sector and truly society at large is essentially under attack. Something must be done... this bill... idk if its appropriate for the situation honestly.

We don't really seem to have a problem with domestic hackers attacking domestic end points. It's foreign hacking that is largely the problem. I think it calls further into question how we respond to and react to these 'cyber attacks'. The problem is, if you can't definitively identify the attacker, how can you really take action against them. That's less information than we thought we had before invading Iraq in 03.

It's a really tough issue, and IMO the most important issue we have as a nation... I'll even go so far as to say hacking has a role in the current state of our economy and so I rank it even above our economy's health as a national priority.

Ultimately the public sector's involvement is largely because of the private sector's lack of involvement. What the public sector can do that the private sector can't is a good question though. Presumably direct access to telecom infrastructure helps?


RE: Don't get it
By Reclaimer77 on 2/12/2013 4:59:11 PM , Rating: 3
quote:
I think the issue is that the private sector has been left to cover itself already and has failed miserably. The number of domestic-bound attacks / hacks in the passed 5 years alone is scary, nevermind how many of them took place in the last 2-3. The private sector in many ways is too diverse to generalize as inept in this regard, and yet, the multitude of successful intrusions and the various markets these attacks penetrated is alarming at best. That is the problem.


I don't think you (we) have enough information to make that judgement. We only hear about the big high profile hacks. We don't hear about the hundreds or thousands of ones that are stopped cold by private sector security do we? So without the hard facts and numbers, how can we make that estimation?


"DailyTech is the best kept secret on the Internet." -- Larry Barber














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki