WASHINGTON - President Obama issued an executive order Tuesday that seeks to shore up the nation's cyber-defenses by improving how classified information is shared between the government and the owners and operators of crucial infrastructure, including electric utilities, dams and mass transit.
The long-expected order, which Obama announced in his State of the Union speech, is a stopgap measure that follows Congress' failure last year to pass legislation to create comprehensive standards for the private sector to help thwart digital attacks. Many Republicans and business leaders had decried that bill as unnecessary regulation, while civil-liberties groups warned of privacy concerns.
"We know hackers steal people's identities and infiltrate private email," Obama said. "We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air-traffic-control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
The executive order comes amid growing concern about foreign-based theft of government and other sensitive computer data and sophisticated digital attacks capable of causing physical damage to national infrastructure, from water treatment plants to traffic systems.
The order includes two main features. One will expand a program that allows the government to share classified cyber-threat information, including malware signatures, with private companies that pass a security-clearance process. The effort now is mostly limited to Internet companies and defense contractors, but it would add crucial infrastructure companies.
The order also requires the National Institute of Standards and Technology to help write voluntary standards so companies can reinforce their network defenses to detect and repel cyber-attacks.
The U.S. intelligence community is preparing a classified National Intelligence Estimate on cyber-attacks. Among areas officials said it will highlight is the role of Chinese government entities in stealing American intellectual property through hacking.