In his State of the Union Address last night, Obama highlighted the need for better America cyber defense:
Earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.
There’s a reason Obama emphasized defense in his speech: America is already pretty good at offense. America’s STUXNET attack on the Iranian nuclear program is probably the best-known example, but it’s hardly the only thing out there. The Air Force specifically and the Pentagon more broadly have made acquiring cyber weapons an explicit goal. Cyberweapons have even made their way to the Army, which wants to give cyber tools to generals fighting wars oversees. These capabilities are all about striking at enemies, and focus on breaking the networks or tools they need to function.
Relatively speaking, breaking something is easy. Protecting American assets through better cyber defense, however, has presented a challenge. Since so much of the vulnerability is in private businesses and institutions, defense isn’t a task (like launching attacks) that the government can assume on its own. That is why yesterday’s Executive Order on cybersecurity is so important. By setting up information-sharing programs with private business, Obama is creating a way for cyber-threats collected by intelligence agencies to fall into the hands (and the IT departments) of the businesses that most need that information.
This latest executive order comes five months after the Obama Administration’s first presidential directive on cybersecurity, and while the improvements have yet to be implemented, the structure of defense is taking shape.