Obama, Republicans, Anonymous Prepare for Cybersecurity Battle
CREDIT: White House photo/Image composite by TechNewsDaily
Tonight and tomorrow promise to be newsworthy in terms of cybersecurity.
President Barack Obama is expected to stress the importance of the nation's digital defenses in tonight's State of the Union address.
Tomorrow (Feb. 13), he's expected to sign an executive order establishing voluntary network-security standards for private industry.
Also tomorrow, two congressmen plan to reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA), which stalled last year after Obama promised to veto it.
Just to spice things up even more, elements of the hacktivist movement Anonymous plan to block live Web streams of the State of the Union address.
Preparing the battlefield
The prepared text of the State of the Union address had not been released as of this afternoon, but Cabinet officials and Democratic senators have been laying the groundwork for an executive push toward stronger cybersecurity since Obama's second inauguration.
Secretary of State John Kerry called hackers "the 21st-century nuclear weapons equivalent" in his confirmation hearings Jan. 25. On the same day, Secretary of Homeland Security Janet Napolitano said "9/11 in the cyber world" could happen "imminently."
The previous day, Kerry's former Senate colleagues put forward a bill that affirms the priority of cybersecurity for the next two years of this session of Congress.
That was a week before the New York Times, Wall Street Journal and Washington Post all revealed their networks had been compromised by Chinese hackers.
Just two days ago, the Washington Post said a secret National Intelligence Estimate has concluded that "the United States is the target of a massive, sustained cyberespionage campaign that is threatening the country’s economic competitiveness" — and that that campaign originates mainly in China.
Even Obama's political opponents agree that something must be done.
"We're getting robbed every single day," CISPA co-sponsor Rep. Mike Rogers, R-Mich., said on the CBS political talk show "Face the Nation" Sunday. "We have, as the U.S. government, set up lawn chairs, told the burglars where the silver is — in the bottom drawer — and opened the case of beer and watched them do it."
Should government lead the way?
Obama's executive order will, by all accounts, achieve some of what former Sen. Joseph Lieberman's failed Cybersecurity Act of 2012 would have done.
Lieberman's bill, in its original form, would have tasked the Department of Homeland Security (DHS) with establishing minimum mandatory digital-security standards for facilities and industries deemed to be critical infrastructure.
Such facilities could include power plants, electrical grids, rail networks, financial computer systems, water systems and so on — many, if not most, of them in private hands.
Senate Republicans opposed what they saw as blatant government intrusion into business matters. They killed Lieberman's bill with a threatened filibuster, even after he'd made the standards voluntary.
Obama's order will reportedly have DHS create those standards anyway, and then make private-industry compliance voluntary — with incentives that might include shields against liability or prosecution.
Or should private enterprise?
CISPA takes the opposite approach. It asks that the government and military share information about cyberthreats with private industry — but doesn't require that private industry share anything in return.
At the moment, it's difficult for the government to share information with private entities, partly because the government can't be seen to favor one company over another. There are also multiple privacy laws governing the distribution of personal and corporate information.
CISPA, like Lieberman's bill and, presumably, Obama's order, would create legal shields protecting companies from civil or criminal claims regarding misuse of private information.
Civil-liberties groups and the White House argued that CISPA went too far in that respect, allowing sharing of information for "any lawful purpose."
A late amendment, added just before the House passed CISPA in April 2012, tightened those rules so that information-sharing would be allowed only for purposes of national security or in cases involving child pornography or immediate physical danger to an individual.
Despite the House victory, CISPA went nowhere in the Democratic-controlled Senate, especially after Obama promised to veto it.
It's not clear which version of CISPA Rogers and his co-sponsor, Rep. Dutch Ruppersberger, D-Md., plan to reintroduce tomorrow.
The White House said it wasn't prepared to comment on legislation that had not yet been introduced.
Enter the hacktivists
No matter what any cybersecurity legislation proposes, Anonymous is sure to oppose it.
"Last year we faced our greatest threat from lawmakers. We faced down SOPA, PIPA, CISPA and ACTA. And we won!" read a message posted on an Anonymous website today.
"Tonight, the President of the United States will appear before a joint session of Congress to deliver the State of the Union Address, and tomorrow he plans to sign an executive order for cyber-security as the House Intelligence committee reintroduces the defeated CISPA act, which turns private companies into government informants."
"The President of the United States of America, and the Joint Session of Congress will face an Army tonight," the letter promises.
"We will form a virtual blockade between Capitol Hill and the Internet. ... There will be no State of the Union Address on the Web tonight."
It wasn't clear how that would be done, other than by launching massive distributed denial-of-service attacks against all major news websites, plus the White House's own.
Nor was it clear what such a "blockade" would achieve, since more than 90 percent of the audience for the State of the Union address will presumably watch it the old-fashioned way — on television.