In the State of the Union tonight, President Obama hit on all the policy points expected of a sitting president (jobs, the economy, foreign policy), but he also took some time to address national cybersecurity policy and an executive order that he signed earlier today to grant the government more power in dealing with cyber threats. This action represents the president’s commitment to act in the face of Congressional holds and objections, and it is clear that tonight’s State of the Union is the kickoff of a much more cyberhawkish second term.

Advertising

RELATED: SOPA Part II Or Not? Congress Taking Up Controversial New Cybersecurity Bill

Here is the full text of Obama’s cybersecurity proposals from the State of the Union, as prepared for delivery:

America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.

We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy. That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.

This is the most the president has ever talked in a State of the Union address about cyber security. Obama gave a brief mention of tackling cyber threats in his 2009 non-State-of-the-Union State of the Union, didn’t mention it at all in his 2010 and 2011 addresses (though he did talk about “revolutions in technology” and building up America’s web economy/infrastructure in the latter), and in 2012 only referenced cybersecurity legislation by saying he has sent proposals to Congress to act on.

When Obama says he wants to engage in “information sharing,” he means that the government will provide information about cyber attacks to companies like Google and Facebook. The core controversy here is the flow of information sharing the other way; companies providing private user information to the government.

Much like the current argument over drone strikes, no one opposes cracking down on cybercriminals, but the criteria by which the government can decide what

constitutes a cyber threat is not expressly clear. A significant portion of the opposition to cybersecurity legislation proposed by the Obama administration in the past few years was based around concerns over privacy. By bypassing Congress to push such measures through, this executive order merely raises more concerns than it allays.

Obama has made cybersecurity one of his top priorities from day one. The U.S. Army Cyber Command was created in 2009 in order to have a singular office dealing with cyber threats.

Cybersecurity has come back into the spotlight following The New York Times and The Wall Street Journal being targeted by Chinese hackers. In addition to Obama’s executive order, the Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House last year but not the Senate, is returning before Congress with no changes to distinguish it from the incarnation that even the Obama administration had concerns over.

If you accept the premise that the Republicans in Congress are nothing but obstructionists, then you may have little objection to Obama’s use of executive power. But this isn’t a partisan issue. One of the most outspoken critics of overreaching cybersecurity policy has been Democratic senator Ron Wyden. Wyden fought back against passage of the Cybersecurity Act of 2012, lobbied heavily by the White House, with a number of amendments, one of which was aimed at protecting users against companies providing their user information to the government without just cause.

Ultimately, the Senate

rejected the CSA, which may have been the final straw of sorts for the Obama administration. Following the CSA defeat, Obama signed a “secret directive” on what action the military can take to thwart cyberattacks.

And just to give you some idea of how the Obama administration views dealing with cybercrime already, two years ago The Wall Street Journal gave this insight into the military’s thinking on fighting cybercriminals.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.

The Washington Post yesterday said that “Obama is likely to rely heavily on executive powers to set domestic policy in his second term. Does this mean Obama will revisit previously failed cybersecurity legislation and decide to get it done himself?

One could easily sympathize with Obama wanting to bypass a Congress that has repeatedly rejected his proposals, but sometimes obstructionism can be a good thing. If the president’s new executive orders do not do enough to address privacy concerns, Congress should pick up the gauntlet and get to work.

Watch the president’s comments on cybersecurity below, courtesy of CNN:

—–

Follow Josh Feldman on Twitter: @feldmaniac

Tags: Barack Obama, cybersecurity, Internet, National Security, State of the Union