While political leaders often write columns for a national newspaper, it is rare that it would be on national cyber security.
So when I saw that US President Barack Obama had written an 800 word column titled ‘Taking the cyber attack threat seriously' for the Wall Street Journal, it was worth reviewing his comments.
Obama used this column to review recent military strategy meetings and concluded with the line ‘It's time to strengthen our defences against this growing danger'.
He admitted that the next adversary could be a cyber one, rather than a directly physical attack. He admitted that a simulation of cyber attacks similar to the attacks on SCADA-based water systems in the US last year showed how well federal, state and local governments and the private sector could work together in a crisis, and this was ‘a sobering reminder that the cyber threat to our nation is one of the most serious economic and national security challenges we face'.
He said: “So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day.
“It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.”
The President said that incidents such as an attack on national infrastructure or water treatment plants is why his administration has made cyber security a priority, including proposing legislation to strengthen the nation's digital defences and said it was why Congress ‘must pass comprehensive cyber security legislation'.
This specific act is the Cybersecurity Act of 2012, which Obama urged the Senate to pass and Congress to send him comprehensive legislation so he could sign it into law.
Obama claimed that it needed to be easier for governments to share threat information so critical-infrastructure companies are better prepared, and for it to be easier for companies to share data and information with government when they're attacked.
As well as testing their physical security, Obama also said that ‘it would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries'.
“Cyber security standards would be developed in partnership between government and industry. For the majority of critical infrastructure companies already meeting these standards, nothing more would be expected,” he said.
“Companies needing to upgrade their security would have the flexibility to decide how best to do so using the wide range of innovative products and services available in the marketplace. Moreover, our approach protects the privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks strong privacy and civil-liberties protections.”
He concluded by saying that the 2012 Cybersecurity Act is supported by current and former homeland security, intelligence and defence leaders from both Republican and Democratic administrations and it is ‘exactly the kind of responsible, collaborative approach to an urgent national-security challenge that Americans expect but that Washington too rarely provides'.
Some may see Obama's column as a political stand point, basically pushing for his legislation to get through the upper levels of government. According to IT Pro Portal, if this act passes it would be led by a multi-agency National Cyber Security Council, chaired by the secretary of Homeland Security.
Also as it does not affect copyrighted information, it does not resemble the Stop Online Piracy Act (SOPA) or PROTECT IP Act (PIPA), however it does incorporate elements of the Cyber Information Sharing & Protection Act (CISPA) that allowed for information sharing between private companies and the government about cyber threats. The Cybersecurity Act of 2012 has been produced by senators Joe Lieberman, Susan Collins, Jay Rockefeller and Dianne Feinstein.
Reading more about the act, it seems that CISPA was repackaged on 19th July and Obama's column was published on the 20th. A coincidence? Of course not. Obama was using the press to gain publicity for a bill he wants to ensure becomes law before November's election.
Then again it has always been positive to see how the Obama administration has talked about cyber security. From its ‘National Cybersecurity Awareness Month' to the appointment of a cyber security adviser, I just get the feeling that Obama understands the issues. Hopefully other governments will follow suit in some fashion.