• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Excelitas Qioptiq banner

BATTLESPACE Updates

   +44 (0)77689 54766
   j.nettlefold@battle-technology.com

  • Home
  • Features
  • News Updates
  • Company Directory
  • About
  • Subscribe
  • Contact
  • Media Pack 2021

OBAMA TO PROPOSE INITAITIVES THAT FILL U.S. CYBERSECURITY GAPS By Cheryl Pellerin

January 14, 2015 by Julian Nettlefold

13 Jan 15. In 2015, the Obama administration will make a major push to raise the level of cybersecurity across the nation and improve the ability to disrupt, respond to and mitigate cyber incidents, a senior administration official said.

obamaPresident Barack Obama delivers remarks on protecting consumers and families in the digital age, at the Federal Trade Commission in Washington, D.C., Jan. 12, 2015. Official White House photo by Pete Souza

On Jan. 20, during his State of the Union address to Congress, President Barack Obama will announce cybersecurity initiatives designed to shore up legislative gaps that he, cabinet members and senior military officials have warned are hampering the nation’s security in cyberspace, the official said.

This afternoon, on a background call with reporters, the senior administration official discussed highlights of the president’s proposed cybersecurity initiatives.

The administration’s cyberspace priorities, the official said, include protecting the nation’s critical infrastructure, improving the ability to identify and report cyber incidents, engaging with international partners to promote Internet freedom, securing federal networks and shaping a cyber-savvy workforce.

The Growing Threat

“The events over 2014, from breaches of major retailers to intrusions into federal networks, the major vulnerabilities like Heartbleed, [and] the destructive and coercive attacks on Sony Pictures Entertainment, highlight the growing threat we face in cyberspace,” the official said.

In November, Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency, spoke about cybersecurity at the Reagan National Defense Forum in Simi Valley, California.

Rogers said the lack of a cyberstrategy that along with national defense includes public- and private-sector networks creates a situation in which cyber attackers run little risk by trying to penetrate systems and steal data.

“My concern there is,” the admiral added, “if we’re not careful and this trend continues, [it] will encourage nation-states, groups or individuals potentially to … engage in ever-more-escalatory and riskier behavior, and that’s not a good thing for us as a nation.”

And speaking Jan. 11 on Fox News Sunday with Chris Wallace, Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, said the recent hacking of Sony Pictures Entertainment that the U.S. government said came from North Korea shows a need for new cyber legislation.

White House Cybersecurity Summit

Today the official announced that the White House Cybersecurity Summit will be held Feb. 13 at Stanford University in Stanford, California.

Its focus, he said, “will be on the partnership between government and industry, because cybersecurity is an issue the government cannot work alone, and we need a real partnership with industry in order to tackle.”

The president’s legislative proposal includes a section that updates the administration’s position on how to improve the sharing of information from the private sector to the government, and within the private sector, the official said.

“Congress had been working for several years on legislation and in fact they were able to pass a few pieces of cybersecurity legislation at the end of 2014,” the senior administration official said, “so we’re looking to capitalize on that momentum.”

Cyber Threat Indicators

Specifically, Obama’s information-sharing proposal will authorize companies to share cyber threat indicators such as Internet protocol addresses, date-time stamps, routing information and similar technical data with the government through the Department of Homeland Security National Cybersecurity Communications and Integration Center, the official said.

The proposal, the official added, also will authorize information sharing among private-sector companies through private-sector-led information sharing and analysis organizations.

The official said such organizations will receive targeted liability protection for their information sharing “as long as companies take reasonable steps to remove irrelevant personally identifiable information from what they share, and then comply with reasonable privacy guidelines that are laid out by the attorney general.”

Liability protection focuses on the act of sharing cyber threat indicators, the official said, and the legislation defines these “as the bits of information you need to identify malicious reconnaissance, a message for defeating a technical control, a message for causing a user to inadvertently defeat a technical control, malicious command and control, or some combination of those things.”

The Homeland Security secretary “will govern the back end of information sharing once that information comes to the government,” he added.

Information-Sharing Guidelines

The proposal also requires the secretary of Homeland Security and the attorney general to develop guidelines for the use, receipt, retention and destruction of information received through this channel, the official said.

In terms of law enforcement, he added, the shared information could only be used to look at cybercrimes, major threats to minors or threats of bodily harm, and it can’t be used for regulatory purposes inside the government.

The senior administration official said the proposed legislation requires that DHS share the information it receives from the private sector in near-real time with other federal agencies.

“We are working to make the information flows happen at a speed and with sufficient depth that we can effectively generate what I think of as a weather map for cyberspace,” he said, “so we’ll know and have some visibility into what is happening to us in cyberspace writ broadly.”

Filling the Gap

In 2011, the Obama administration submitted to Congress proposed cybersecurity legislation that Congress wasn’t able to fully enact, the official said, and Obama used executive orders to fill critical gaps.

In March 2013, Executive Order 13636, for example, focused on government to private sector information sharing, he added.

“EO 13636 made the default position of the federal government that we’d share information with the private sector when we see a threat to a private sector company. The president said in that [executive order] to make the information flow more relevant, more timely and more robust. So we’ve been working to put that into place,” the official said.

The part of the process that requires legislation now, he added, is the flow of shared information from the private sector to the government “because of concerns industry has raised related to the need to protect them from liability for that sharing.”

The legislative piece that directs industry-to-industry information sharing through industry-led information sharing and analysis organizations also is new since the 2011 legislative cyber proposal, the official said.

A More Refined Framework

The legislative update, the official said, “is much more clearly articulated and provides a much more refined framework that represents the results of all the work [we’ve done] with Congress over the past almost four years now, and work with the private sector and how the cyberspace ecosystem has evolved. All of that has informed our thinking as we developed this legislative proposal.”

The official said the Obama administration is committed to working with federal and domestic partners, and with partners around the world, to improve cybersecurity.

“Citizens should have an expectation that we will work toward and continue to improve cybersecurity … to protect people’s information,” he said, adding that no one should expect 100 percent security, “but clearly we can raise our level from where we are now to something substantially better.”

As an administration, the official added, “we’re going to do everything we can to improve information sharing and to raise that baseline level of cybersecurity across our critical infrastructure.”

(Follow Cheryl Pellerin on Twitter: @PellerinDoDNews)

Filed Under: News Update

Primary Sidebar

Advertisers

  • qioptiq.com
  • Exensor
  • TCI
  • Visit the Oxley website
  • Visit the Viasat website
  • Blighter
  • Arnold Defense logo
  • SPECTRA
  • InVeris
  • Britbots logo
  • Faun Trackway
  • Systematic
Hilux

Contact Us

BATTLESPACE Publications
Old Charlock
Abthorpe Road
Silverstone
Towcester NN12 8TW

+44 (0)77689 54766

j.nettlefold@battle-technology.com

BATTLESPACE Technologies

An international defence electronics news service providing our readers with up to date developments in the defence electronics industry.

Recent News

  • EXHIBITIONS AND CONFERENCES

    February 26, 2021
    Read more
  • VETERANS UPDATE

    February 26, 2021
    Read more
  • MANAGEMENT ON THE MOVE

    February 26, 2021
    Read more

Copyright BATTLESPACE Publications © 2002–2021.

This website uses cookies to improve your experience. If you continue to use the website, we'll assume you're ok with this.   Read More  Accept
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT