President Barack Obama's order aimed at ramping up protection from
cyber-attacks will address only a small portion of threats and sets up a
fresh battle in Congress over legislation.
Obama acted this week after
two failed attempts in Congress to pass measures to protect critical
infrastructure from computer attacks.
US administration officials
and lawmakers acknowledge that the order creates no new authority and
that legislation is needed to better safeguard networks for key systems
such as power grids, banks and air traffic control.
order is not a substitute for legislation," said General Keith
Alexander, head of the National Security Agency and the military's Cyber
"We need legislation and we need it now," Alexander told
a gathering Wednesday to discuss the president's order. "From my
perspective, the threats are real and growing."
Because most of
the networks in question are in private hands, officials say they must
rely on voluntary reporting by industry of any cyber threats or attacks.
Legislation would be needed to shield businesses from liability when
they do report potential malware threats.
Obama, in his annual
State of the Union address to a joint session of Congress, said the
United States was facing a "rapidly growing threat from cyber-attacks."
president also urged Congress to pass legislation "to give our
government a greater capacity to secure our networks and deter attacks."
Jay Rockefeller, co-author of a pending cyber-security bill, welcomed
the executive order and said it "will improve the partnership between
the government and the private sector needed to defend our country."
But other lawmakers were miffed that the president acted alone.
protections and incentives from legislation, the order "will be
ineffective and carry consequences for entities that choose to
participate," said House Homeland Security Committee Chairman Michael
Republican Representative Mike Rogers, who heads the
House Intelligence Committee, and ranking Democrat Dutch Ruppersberger
re-introduced the Cyber Intelligence and Sharing Protection Act (CISPA),
a bill that passed the House last year but died in the Senate.
"We are in a cyber war now, and most Americans don't know it," Rogers told a forum.
"And at this point, we're losing. Nation states like China are stealing our intellectual property at a breathtaking pace."
said he was optimistic about the bill's chances despite the failure in
the last Congress, when the White House threatened a veto and the Senate
opted for a different course.
"We had our issues with the
president last time," Ruppersberger told an audience at the Center for
Strategic and International Studies. "We don't agree on everything but
we do agree we have to work together."
efforts failed amid opposition from civil libertarians who claim it
could allow too much government snooping and conservatives who say it
would create a new bureaucracy.
Ruppersberger argued that in
drafting the bill, "we bent over backwards so we don't invade anyone's
privacy... the bill does not authorize the government to monitor your
computer or read your tweets."
But critics say CISPA still raises civil liberty concerns.
Harris at the Center for Democracy and Technology said CISPA "remains
fundamentally flawed" because "it allows private Internet communications
and information of American citizens to go directly to the NSA, a
military intelligence agency that operates secretly with little public
Analysts say it remains unclear whether lawmakers
and the White House can break the deadlock and pass legislation
offering real protection.
"The US is clearly at a stalemate, with
the government floundering in a hotly politicized deadlock with trade
lobbies and civil liberties advocates," said Michela Menting, cyber
security analyst at ABI Research.
Daniel Castro of the Information
Technology & Innovation Foundation said the cyber-security order
may in fact reduce pressure on lawmakers to pass a bill.
"Some people will say this takes care of the problem," he told AFP. "So this lessens the urgency."
But if Congress decides to act, it may be pressed to do so ahead of deadlines to implement the executive order.
form of CISPA has the best chance of passage this year in Congress,"
said Thomas Billington, who head the cyber-security media firm