In the hopes of creating better data protection and security across the United States, President Barack Obama has signed an Executive Order that promotes expanded information sharing between private companies and government entities. This will guide the country's infrastructure and offer an alternative to legislation that Congress failed to pass in 2012.
"Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity," the mandate stated. "The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats."
The New York Times said the order will allow companies that look over information coming from infrastructure like dams, electric grids and finances, otherwise known as critical infrastructure operators, to start a program that will provide real-time reports about cyberattacks as they bubble to the surface. There will also be recommendations that businesses will follow to prevent being attacked and try to define different parts of the government that will help play a role in slowing or stopping these attacks entirely.
Obama said in his State of the Union Address that he does not want to see the country look back years from now and feel like nothing was done to stop the economic threats coming through online channels, as he believes that enemies are already actively plotting attacks on air traffic control systems and power grids.
One such attack was reported on by NBC News and said a company providing industrial automation technology to energy sector regulators were the target of elaborate attacks in both North America and Spain. This was said to be a foreign group from the east which has already made a name by hacking into key pieces of infrastructure in the western world, the report said.
More to be done?
The New York Times piece on this order spoke with Dale Peterson, founder of Digital Bond, a firm that focuses on securing infrastructure, who said the equipment used by companies that oversee critical infrastructure is outdated and not built with a focus on preventing some of the modern cyber attacks that could end up haunting a company or government entity.
"The executive order is about information sharing – it does not even begin to address the real problem, which is that these systems are completely insecure," said Peterson. "I'm amazed that 11[-and-a-half] years after 9/11, the government hasn't even had the courage to say, 'You need to replace this insecure equipment.' If you get on these systems, they have no security and you can do whatever you want."
Chenxi Wang wrote on Forbes that there are other questions for her that remain after reading through the president's Executive Order, including:
– The complexity of the "cybersecurity framework" and how it will help instead of creating more problems
– What the privacy implications are once information starts being shared more between companies and government agencies
– Adoption is voluntary, which could create many inconsistencies
– There isn't much detail about the government level of effort that will be put into cybersecurity after this order was released
Overall, she wrote on the website that it is still too soon to tell how this will affect more complexity or cost private companies money. the one thing that is for certain, she said, is that the data security of companies is now a front and center issue for the government, so companies and agencies alike need to be sure to address it sooner rather than later.
Security News from SimplySecurity.com by Trend Micro