Why Obama's Executive Order On Cyberdefense Is So Important

Obama talked about the need for cyberdefense during the State of the Union Address last night. It's high time: America has been playing offense for years, now it's time to play defense.

Learning Cyberwar

070712-N-9758L-058 PEARL CITY, Hawaii (July 12, 2007) Ð Matt Inaki, computer network defender coach/trainer of SPAWAR Systems Center San Diego, shows how to monitor the activity of a network to Air Force Staff Sgt. Daryl Graham and Information Systems Technician 1st Class Martin MacLorrain during a cyber war training course at the Space and Naval Warfare Systems Center. The course is designed to improve how military members would act in a real-life cyber war environment by defending the networks with sweeps and scans of the system as well as responding to intrusions, such as viruses and probes. U.S. Navy photo by Mass Communication Specialist 3rd Class Michael A. Lantron (RELEASED) Wikimedia Commons

In his State of the Union Address last night, Obama highlighted the need for better America cyber defense:

Earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.

There's a reason Obama emphasized defense in his speech: America is already pretty good at offense. America's STUXNET attack on the Iranian nuclear program is probably the best-known example, but it's hardly the only thing out there. The Air Force specifically and the Pentagon more broadly have made acquiring cyber weapons an explicit goal. Cyberweapons have even made their way to the Army, which wants to give cyber tools to generals fighting wars oversees. These capabilities are all about striking at enemies, and focus on breaking the networks or tools they need to function.

Relatively speaking, breaking something is easy. Protecting American assets through better cyber defense, however, has presented a challenge. Since so much of the vulnerability is in private businesses and institutions, defense isn't a task (like launching attacks) that the government can assume on its own. That is why yesterday's Executive Order on cybersecurity is so important. By setting up information-sharing programs with private business, Obama is creating a way for cyber-threats collected by intelligence agencies to fall into the hands (and the IT departments) of the businesses that most need that information.

This latest executive order comes five months after the Obama Administration's first presidential directive on cybersecurity, and while the improvements have yet to be implemented, the structure of defense is taking shape.