For the most part, it was a pretty typical State of the Union address – topics like the economy and education were front and center, as were the issues that have stolen the headlines in the months since the election, like climate change and guns. But President Obama also added another topic, one that was pretty much ignored throughout the entire campaign season. He talked about the importance of cybersecurity and (finally) announced his executive order to better protect the critical infrastructure from a cyber attack.
I say “finally” because I had heard that this executive order was ready to be introduced since Congress failed to pass the Cybersecurity Act of 2012 in September. You know how an empty store building will post a banner shouting “Coming Soon!” in bold red letters, and despite the banner hanging there for months or years and whatever is “coming soon” never arrives? I was starting to feel that way about this executive order. We were being teased about it, but would we ever see it?
According to ZDNet, the executive order:
... was designed to simply set up the foundations in which a "framework" can be constructed between the government and private sector industries. The "framework" will effectively allow intelligence to be gathered on cyberattacks and cyberthreats to privately owned critical national infrastructure — such as the private defense sector, utility networks, and the banking industry — so they can better protect themselves, as well as the general US population, the economy, and other nations that are reliant on US support.
This doesn’t mean that suddenly the country is safe from cyber threats – heck, even the term “cyber threat” isn’t clearly explained in the document. But it is a step to recognize what the country’s security leaders have been saying for some time now. Cybersecurity is a serious threat to our national security and it is time we start taking it seriously. As Lawrence Reusing, general manager, mobile security at Imation, stated in an email to me:
Organizations are being targeted through remote attacks and their employees are also being targeted as travelers so they can bring back malicious threats into the organization. For that reason, we need to be ever vigilant in protecting ourselves from the types of attacks-- and attack vectors--emerging within the world we live in. The United States must take a leadership position by defining policies and procedures so that our critical infrastructure is protected.
The executive order won’t cure everything, but at some point, the first step has to be taken. This is it.