CAP en Español
Small CAP Banner

U.S. Cybersecurity Policy in Context

Keyboard Weapons

SOURCE: BigStock Photo

A look back at past cyber attacks and what our government has done to fortify both the public and private sectors against hackers foreign and domestic.

    PRINT:
  • print icon
  • SHARE:
  • Facebook icon
  • Twitter icon
  • Share on Google+
  • Email icon

You can also read this article at Science Progress, CAP’s online science and technology journal, here.

President Barack Obama signed a long-rumored executive order and presidential directive on Tuesday aimed at strengthening the cybersecurity of critical infrastructure.

America’s enemies are “seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems … and swipe our corporate secrets,” President Obama said on Tuesday night during his State of the Union address. Indeed, Secretary of Defense Leon Panetta once used the term, “cyber-Pearl Harbor” to describe the looming threat we face.

These threats to both digital and physical infrastructure could not be more real. In 2007 the Department of Homeland Security demonstrated that hackers could take over a 5,000 diesel engine—the kind routinely used as backup generators in our power grid—and, using nothing but computer code, caused the machine to destroy itself. Using a similar technique, U.S. intelligence officials allegedly used a computer virus dubbed “Stuxnet” to sabotage more than 1,000 uranium enrichment centrifuges in Iran in 2010.

Unfortunately, the government’s past responses to these new and developing threats have been piecemeal and lacking in coordination. In the timeline below we outline the major policy initiatives that led us to yesterday’s executive order, and the cyber attack incidents that spurred them.

Yesterday’s actions are designed to accomplish two goals:

Specifically, the order and the directive implement a voluntary program for companies working in sectors that involve critical infrastructure, such as power grids, pipelines, or transportation operations, creates new information sharing programs under the Department of Homeland Security, clarifies the role of various federal agencies in pursuing cyber resiliency, and tasks the National Institute of Standards and Technology with designing and implementing a framework to reduce long-term cyber risks.

This comes amidst a new and more aggressive stance by the Pentagon to weaponize cyberspace, and similarly proactive stance that is evolving from private sector actors.

In some ways, cyberspace is like the Wild West of our time—dangerous, difficult to police, and still largely unexplored. What is certain is that yesterday’s executive order will not be the end of this story. It is likely only the beginning.

Andrea Peterson is the Social Media and Analytics Editor at the Center for American Progress. Sean Pool is the Managing Editor of Science Progress. Jason Thomas contributed to the research for this timeline.

To speak with our experts on this topic, please contact:

Print: Katie Peters (economy, education, poverty, Half in Ten Education Fund)
202.741.6285 or kpeters@americanprogress.org

Print: Anne Shoup (foreign policy and national security, energy, LGBT issues, health care, gun-violence prevention)
202.481.7146 or ashoup@americanprogress.org

Print: Crystal Patterson (immigration)
202.478.6350 or cpatterson@americanprogress.org

Print: Madeline Meth (women's issues, Legal Progress, higher education)
202.741.6277 or mmeth@americanprogress.org

Spanish-language and ethnic media: Tanya Arditi
202.741.6258 or tarditi@americanprogress.org

TV: Lindsay Hamilton
202.483.2675 or lhamilton@americanprogress.org

Radio: Chelsea Kiene
202.478.5328 or ckiene@americanprogress.org