Obama’s State of the Union underplays cybersecurity
Editor’s Note: The story has been updated to include the Republican response.
Contrary to what many observers predicted, President Barack Obama spent the vast majority of his State of the Union address Tuesday on the economy and offered only a passing glance to the pressing challenges of national cybersecurity, critical infrastructure protection and privacy.
In a carefully worded speech that ran 6,482 words and lasted just over an hour, Obama dedicated a scant 198 to issues of cybersecurity and digital privacy, all but ignoring the threat of cyber war and state-sponsored attacks on the nation’s critical infrastructure.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said. “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.”
Rather than address the issue in detail, Obama simply urged lawmakers to pass his recent legislative proposals dealing with protecting student privacy and data breaches. Last week, the administration released the details of Obama’s legislative proposal, which would give private sector companies specific liability protections for sharing technical cyber threat data with the federal government to help prevent future cyber attacks like the one that crippled Sony Pictures Entertainment and others that have compromised personal data stored by major financial and retail firms.
“We need to better meet the evolving threat of cyber attacks, combat identity theft, and protect our children’s information,” Obama said. “If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Only 90 of the 198 words dealing with the emerging security challenges facing the nation in cyberspace were dedicated to privacy and civil liberties.
“As Americans, we cherish our civil liberties – and we need to uphold that commitment if we want maximum cooperation from other countries and industry in our fight against terrorist networks,” Obama said. “As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse. And next month, we’ll issue a report on how we’re keeping our promise to keep our country safe while strengthening privacy.”
The Republican response to the State of the Union offered even less detail. Sen. Joni Ernst of Iowa only made a brief mention of cybersecurity, promising to “advance solutions to prevent the kind of cyber attacks we’ve seen recently.”
As FedScoop reported Jan. 13, Obama’s cybersecurity proposals have faced tough questions from cybersecurity practitioners in the private sector. And those concerns continued as the president spoke to the nation late Tuesday night.
Ron Gula, a former NSA researcher and CEO at Tenable Network Security, said the president’s proposals would criminalize essential cybersecurity practices and establish extended surveillance laws that would essentially force companies to share information with the government. “This proposal is bad for both the cybersecurity industry and the overall security of our nation’s digital infrastructure,” Gula said in a statement.
Gula also said Obama’s cybersecurity information sharing plan could “incentivize lazy security practices” throughout the private sector. “It would be tempting for companies to take the shortcut and save money by relying solely on information provided by the government as their source for indicators of compromise.”
Michael Breen, executive director of the Truman National Security Project and the Center for National Policy, said adversaries in cyberspace demand that the nation focus on improving the skills of its cybersecurity workforce — a topic mentioned by the president but not in detail.
“Recent attacks on American businesses and government agencies have demonstrated that cyber threats pose a significant risk to our security,” Breen said. “And addressing the problem will require a sustained collaboration between the public and private sectors.”