• Home
  • WRITE FOR US!
  • Features
    • The Rundown
    • Throwback Thursday
    • The Catchup
  • Opinions
    • Africa
    • Americas
    • Asia
    • Australia
    • Eurasia
    • Europe
    • Middle East
  • YOUNG MINDS
    • Young Minds At Work
  • Essay Contest
    • Essay Contest '16
    • Essay Contest '17

nextgen | EWI

  • Home
  • WRITE FOR US!
  • Features
    • The Rundown
    • Throwback Thursday
    • The Catchup
  • Opinions
    • Africa
    • Americas
    • Asia
    • Australia
    • Eurasia
    • Europe
    • Middle East
  • YOUNG MINDS
    • Young Minds At Work
  • Essay Contest
    • Essay Contest '16
    • Essay Contest '17
  • Menu

Reactions to Cybersecurity Executive Order

June 1, 2013

By Isaac Molho

During his annual State of the Union address on February 12, President Obama presented an executive order to protect U.S. critical infrastructure from cyber threats. “Our enemies are also seeking the ability to attack our power grid, our air traffic control system,” he said. “We cannot look back years from now and ask why we did nothing to face real threats to our security and our economy.”

The executive order encourages information sharing between private companies, which currently own and run most critical infrastructure in the U.S., and government agencies. Many companies are loath to share information about cyber breaches, as they believe that this will undermine their standing with customers and competitors. The order also aims to develop voluntary security standards and practices, while at the same time addressing privacy concerns. Many of these provisions were in last year’s failed cybersecurity legislation.

As many in the private sector have criticized the substance of the executive order, Michael Chertoff, a former director of Homeland Security and EastWest Institute board member, praised it, for putting it front and center on the national agenda.  In a discussion with USA Today, Chertoff stated that the order’s requirements “represent a down payment in the protection of our nation’s cyber infrastructure.”

Speaking to Computerworld, Gartner Analyst Lawrence Pringree expressed skepticismover the quality of shared intelligence that he asserts would do little to prevent cyber attacks. “It remains to be seen whether the government has useful intelligence that can help bolster commercial sector security,” he said. 

Rob Beck, a critical infrastructure cybersecurity consultant with Casaba Security, had similar sentiments. He criticized the voluntary nature of the standards, saying that the order “doesn’t have any teeth; it has no backing,” he told CNN. “This is not going to have any measurable impact on anything.” 

In an interview with CSO, Jacob Olcott, principal at Good Harbor Consulting, held that basic “cyber hygiene” measures are more effective than enhanced information-sharing measures. “Classified threat information is not useful for a company that isn’t regularly patching its systems,” he explained. 

It is worth noting that, according to a recent Verizon-sponsored study, 97 percent of reported security breaches “were avoidable (at least in hindsight) without difficult or expensive countermeasures.” 

The lack of trust between the public and private sector remains a major hurdle, especially as state-sponsored cyber attacks become ubiquitous. 

“It is very hard for many of us in the private sector to trust that the feds have significantly better threat information that they are willing to share,” AlienVault CTO Roger Thorton told CSO. “Researchers at hundreds of private organizations like ours are routinely catching attacks and infiltrations backed by states, particularly China and even the U.S. and or its allies.” 

China has been accused of producing a high volume of cyber attacks, including recent infiltration into major American newspapers; the Chinese government has yet to issue an official comment on the executive order. 

Thorton went on to criticize the American government’s threat reduction capacity; he suggested that the government is more qualified to promote bilateral treaties and international cooperation. “To assert that government’s involvement and training is necessary for private industry to accurately identify, assess and respond to threats is frankly a somewhat arrogant position to take,” he added. 

Yet, Dale Peterson, president of Florida-based Digital Bond, a cybersecurity company, told the Christian Science Monitor that Obama’s order was long-overdue. “I had hoped, and have hoped for years, the U.S. government would come out and say the [control systems] that run the critical infrastructure are insecure by design and must be upgraded or replaced ASAP,” he said. “It’s hard to believe 11 and a half years after 9/11 that the U.S. government has not even used the bully pulpit to make a difference.”

A great deal of distrust and uncertainty about cyber threats are prevalent among the private sector. In the current climate, the EastWest Institute’s efforts to raise awareness and promote private-public collaboration on critical cybersecurity issues—including last year’s groundbreaking 3rd Worldwide Cybersecurity Summit in New Delhi—remain crucial.

Isaac Molho is an intern in the Communications and Public Policy Department at the EastWest Institute. He is a recent graduate of Middle East Studies programs at New York University and the University of Chicago.

In CybersecuritySurveillance, North America, Domestic Policy Tags cybersecurity, IsaacMolho
← A Cybersecurity Solution on the Way?How Snowden May Hand Syria to Assad →

The views and opinions expressed on Nextgen are those of the authors and do not reflect official opinions held by the EastWest Institute, its programs and initiatives, or its staff.

Subscribe

Sign up to receive updates from Nextgen, including our weekly world news roundup The Catchup.

We respect your privacy.

Thank you!
Blog Directory & Business Pages - OnToplist.com
  • EastWest Institute
    #ICYMI: Valbona Zeneli (@ValbonaZeneliTo) and Michael Czinkota (@michaelczinkota) write "WTO as a Reflection of Eme… https://t.co/c7N14J5trH
    about 16 hours ago
  • EastWest Institute
    “Urban leaders around the globe are embracing the concept of #SmartCities, using technology, interconnectivity and… https://t.co/S5tYIfQIMZ
    about 19 hours ago
  • EastWest Institute
    RT @lathareddy51: Enjoyed giving this talk on the Global View on Cybersecurity from India’s viewpoint at the Munich Cyber Security Co… https://t.co/4IC8ZtBYLT
    about 20 hours ago
  • EastWest Institute
    RT @theGCSC: Today GCSC members are participating in the #MSC2019 Cyber Security Roundtable “A Dragon in Disguise? Geostrategy i… https://t.co/iaeR3HB0Sd
    about 20 hours ago