Obama’s Stance on Cybersecurity
Cyber-attacks are a rising threat, and President Obama has increasingly toughened his stance on online security in order to meet them.
Obama published an op-ed in the Wall Street Journal imploring Congress to immediately pass the Cybersecurity Act of 2012, a move underlining how strongly he feels about the bill’s passage.
But Obama’s opinion on the subject hasn’t always been so hawkish — his preoccupation with securing U.S. cybersecurity has escalated over the course of his political career, especially as online threats escalate in scale and frequency.
What Is the Cybersecurity Act of 2012?
In the Wall Street Journal piece, Obama emphasized the bill’s importance, noting, “We need to make it easier for the government to share threat information so critical-infrastructure companies are better prepared.” The President said simply sharing more information is not enough, adding, “Ultimately, this is about security gaps that have to be filled.”
Obama’s decision to endorse the Cybersecurity Act of 2012 suggests he believes this is the cybersecurity bill capable of carrying out his prerogatives, even though the bill went through major changes since it was first introduced. For example, the proposal no longer features a provision for an “Internet Kill Switch” which would allow the government to shut down the Internet in case of an attack. The removal of this clause is good news for Internet freedom, but will limit the amount of control the government has if an emergency arises.
The Cybersecurity Act differs from former bills put forth to boost security, like the Cyber Intelligence Security Protection Act (CISPA), because it doesn’t give the go-ahead for government agencies to look at private citizens’ web footprints, which was the key point of contention for activists and lawmakers concerned about CISPA’s potential to seriously infringe on privacy.
Instead, the Cybersecurity Act focuses on setting security requirements for infrastructure like power grids and water-treatment plants, illustrating Obama’s belief that keeping these crucial services running in the face of a cyber attack is the main security priority. But even though boosting infrastructure security is the crux of the bill, changes removed mandatory security upgrades from the language, so it may not be that effective in its current form.
A Changing Public View
Obama’s vocal support of the Cybersecurity Act of 2012 may come as a surprise, since the White House is on record saying the president will veto CISPA, which also deals with data-security breaching. Why is Obama throwing his weight behind this bill, and not other cybersecurity measures that came before it?
Obama’s problem with CISPA stemmed from its potential to seriously compromise the privacy of U.S. citizens, although CISPA’s sponsors insist Obama will not wind up vetoing the bill. His public position hasn’t changed, but this new fervor for cybersecurity means the president may be more willing to consider heavy-duty cyber-monitoring in the future if he believes its integral to national security.
However, Congress recently watered down the Cybersecurity Act, so Obama may end up holding off on a veto for CISPA, since the lack of mandatory security reinforcements renders the Cybersecurity Act less effective than necessary to ensure substantially beefed-up protection. Many expect the amended Cybersecurity Act will not pass due to partisan in-fighting, and leaving the nation’s critical infrastructure unprotected despite dire warnings from top security officials.
The Enemy Within
Even though the United States has never experienced a large-scale cyber attack, the government is keenly aware of the damage that kind of crisis can amass — after all, the U.S. was behind the notorious Flame and Stuxnet viruses aimed at crippling Iran’s uranium enrichment program as part of its “Olympic Games” initiative. As the U.S. develops weapons to defend itself against enemies, officials are realizing how devastating an attack aimed in the opposite direction could be.
Several prominent security officials have gone on record with their misgivings on cyber-attacks, with several prominent intelligence personnel stating cyber-terrorism will be the next stage of warfare. Researchers at MIT warn that the nation’s electrical infrastructure is vulnerable to hacking, and officials at the National Security Agency are beefing up their own recruiting.
According to Army Gen. Keith Alexander, hackers are becoming more aggressive, seeking to disrupt networks instead of just steal data. “Our concern is that they’re going toward destruction, which would have significant impact,” Alexander said.
The stakes of cyber-attackers are rising as well. The Pentagon is developing its own cyber-warfare protocol, essentially stating that certain cyber-attacks constitute acts of war and could merit military retaliation.
But beefing up the U.S.’s own arsenal of cyber-weapons is not without cost. Every time the U.S. creates or collaborates on a new virus or other form of cyber sabotage, it heightens the risk that hostile countries could get a handle on similar technology, since it provides a blueprint for creating copycat programs.
As the government boosts its own efforts to develop a cutting-edge arsenal of digital weapons, it is increasingly important to have a robust defense system in place in case the tables turn. In this way, it is a cyber arms race, with U.S. efforts to boost its own system potentially serving as inspiration for other countries to do the same, making the possibility of an attack more likely on all ends.
The landscape of national defense is changing to an increasingly online one. President Obama is overseeing a shift in the nature of warfare and terrorism, but the balancing act between protection and privacy rights is a tricky one, and could prove pivotal in the future.