The summer may be over, but don’t put the barbecue away yet — the president just declared this October “National Cybersecurity Month.” It’s the latest maneuver in the Obama administration’s campaign for better cybersecurity. After Congress failed to pass cybersecurity legislation earlier this year, rumors of an executive order on cybersecurity soon surfaced.
These rumors were confirmed when a draft version of the executive order was leaked in mid-September. A few days later, a letter from John Brennan, the president’s chief cybersecurity advisor, to Senator Jay Rockefeller, co-sponsor of the Cybersecurity Act of 2009 and the Cybersecurity Act of 2012 and the Senate’s biggest proponent of increased cybersecurity measures, admitted that the White House was formulating an executive order.
When the draft order was leaked, many questioned the White House’s intentions. The order was extremely vague, containing few details about the actual plan for cybersecurity. In fact, most of the order discussed the creation of various commissions to oversee the implementation of the order and assigned deadlines for the commissions’ compliance.
What was clear in the draft, however, was the administration’s seeming lack of concern for privacy. There were two mentions of civil liberties in the draft. One was a rather cursory assurance that the order was to be carried out “in a manner consistent with applicable law, presidential directives, and federal regulations, including those protecting civil rights and civil liberties”; the other was an equally cursory mention of protecting the “the privacy and civil liberties of the American People” in a list of goals the order was to accomplish.
So, just how are “the privacy and civil liberties of the American People” to be protected? Well, by widespread information sharing among law enforcement agencies and the private sector, of course! To many advocates of information sharing, no real limits need be incorporated to protect Americans’ private data. Anything labeled “critical infrastructure” earns the privilege of sharing any data it possesses with the government.
What counts as a critical infrastructure? There are certain obvious candidates in the form of dams, roads, and bridges, but some Internet services count too. But just which services meet the definition of critical infrastructure is unclear. All of the haziness surrounding the details of the draft led TechDirt’s Mike Masnick to speculate that the draft’s real purpose was to strong-arm mule-headed private actors into cooperating with legislative cybersecurity efforts. Given general concerns about this administration’s willingness to leak information, such speculation is hardly unwarranted. Pressuring industry actors isn’t confined to the White House, either: just over a week ago, Senator Rockefeller sent a sternly worded letter to every Fortune 500 CEO expressing his disappointment with industry reticence to support his cybersecurity proposals.
And now another twist in the cybersecurity tale: just yesterday Chinese hackers attacked the White House, breaking into a military computer system. The White House confirmed the attack, but to some commentators, their story seems too convenient to be swallowed uncritically. But whether or not the attack was real (it seems plausible to me), the Obama administration is making good use of its political potential. Today, our nation is to begin considering how important cybersecurity is, and how vulnerable we are to outside threats. After all, the president does so wisely remind us, “our digital infrastructure is not just a convenience; it is a strategic national asset.”