Sunday November 29th, 2015 9:43PM

Order would give companies cyberthreat info

By The Associated Press
WASHINGTON (AP) -- A new White House executive order would direct U.S. spy agencies to share the latest intelligence about cyberthreats with companies operating electric grids, water plants, railroads and other vital industries to help protect them from electronic attacks, according to a copy obtained by The Associated Press.

The seven-page draft order, which is being finalized, takes shape as the Obama administration expresses growing concern that Iran could be the first country to use cyberterrorism against the United States. The military is ready to retaliate if the U.S. is hit by cyberweapons, Defense Secretary Leon Panetta said. But the U.S. also is poorly prepared to prevent such an attack, which could damage or knock out critical services that are part of everyday life.

The White House declined to say when the president will sign the order.

The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target. With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems.

An organized, broad-based approach for sharing cyberthreat information gathered by the government is widely viewed as essential for any plan to protect U.S. computer networks from foreign nations, terrorist groups and hackers. Existing efforts to exchange information are narrowly focused on specific industries, such as the finance sector, and have had varying degrees of success.

Yet the order has generated stiff opposition from Republicans on Capitol Hill who view it as a unilateral move that bypasses the legislative authority held by Congress.

Administration officials said the order became necessary after Congress failed this summer to pass cybersecurity legislation, leaving critical infrastructure companies vulnerable to a serious and growing threat. Conflicting bills passed separately by the House and Senate included information-sharing provisions. But efforts to get a final measure through both chambers collapsed over the GOP's concerns that the Senate bill would expand the federal government's regulatory power and increase costs for businesses.

The White House has acknowledged that an order from the president, while legally binding, is not enough. Legislation is needed to make other changes to improve the country's digital defenses. An executive order, for example, cannot offer a company protection from liabilities that might result from a cyberattack on its systems.

The addition of the information-sharing provisions is the most significant change to an earlier draft of the order completed in late August. The new draft, which is not dated, retains a section that requires Homeland Security to identify the vital systems that, if hit by cyberattack, could "reasonably result in a debilitating impact" on national and economic security. Other sections establish a program to encourage companies to adopt voluntary security standards and direct federal agencies to determine whether existing cyber security regulations are adequate.

The draft order directs the department to work with the Pentagon, the National Security Agency, the director of national intelligence and the Justice Department to quickly establish the information-sharing mechanism. Selected employees at critical infrastructure companies would receive security clearances allowing them to receive the information, according to the document. Federal agencies would be required to assess whether the order raises any privacy or civil liberties risks.

To foster a two-way exchange of information, the government would ask businesses to tell the government about cyberthreats or cyberattacks. There would be no requirement to do so.

The NSA has been sharing cyberthreat information on a limited basis with companies that conduct business with the Defense Department. These companies work with sensitive data about weapon systems and technologies and are frequently the targets of cyberspying.

But the loss of valuable information has been eclipsed by fears that an enemy with the proper know-how could cause havoc by sending the computers controlling critical infrastructure systems incorrect commands or infecting them with malicious software. Potential nightmare scenarios include high-speed trains being put on collision courses, blackouts that last days or perhaps even weeks or chemical plants that inadvertently release deadly gases.

Panetta underscored the looming dangers during a speech last week in New York by pointing to the Shamoon virus that destroyed thousands of computer systems owned by Persian Gulf oil and gas companies. Shamoon, which spreads quickly through networked computers and ultimately wipes out files by overwriting them, hit the Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas.

Panetta did not directly connect Iran to the Aramco and RasGas attacks. But U.S. officials believe hackers based in Iran were behind them.

Shamoon replaced files at Aramco with the image of a burning U.S. flag and rendered more than 30,000 computers useless, Panetta said. The attack on RasGas was similar, he said.

A spokeswoman for the National Security Council, Caitlin Hayden, said the administration is consulting with members of Congress and the private sector as the order is being drafted. But she provided no information on when an order would be signed. "Given the gravity of the threats we face in cyberspace, we want to get this right in addition to getting it done swiftly," she said.
  • Associated Categories: U.S. News, Business News
© Copyright 2015
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
Doctors: Blood clot located in Clinton's head
Secretary of State Hillary Rodham Clinton developed a blood clot in her head but did not suffer a stroke or neurological damage, her doctors said Monday. They say they are confident that she will make a full recovery.
3:55PM ( 2 years ago )
Illinois Sen. Kirk to return a year after stroke
Nearly a year after a stroke left him barely able to move the left side of his body, U.S. Sen. Mark Kirk is expected to climb the 45 steps to the Senate's front door this week - a walk that's significant not just for Illinois' junior senator, but also for medical researchers and hundreds of thousands of stroke patients.
3:54PM ( 2 years ago )
U.S. News
Ga. ethics legislation could end free tickets
General Assembly approval next year of a proposed ethics reform measure could endanger an important fall tradition for Georgia lawmakers - free football tickets.
6:26PM ( 2 years ago )
Abortion restrictions, tax changes loom in Ga.
Tax breaks for manufacturers and higher unemployment taxes for employers take effect with the new year in Georgia, but it remains to be seen whether the state's newest abortion restrictions will be enforced.
6:23PM ( 2 years ago )
Business News
Standoff at Planned Parenthood ends with suspect's arrest; 3 killed, 9 wounded
COLORADO SPRINGS, Colo. (AP) — A gunman who opened fire inside a Planned Parenthood clinic was arrested Friday after engaging in gun battles with authorities during an hourslong standoff that killed t...
1:13AM ( 1 day ago )
White House undergoes Thanksgiving Day lockdown after man draped in American flag jumps fence
WASHINGTON (AP) — A man draped in an American flag climbed over the fence at the White House on Thursday, prompting a lockdown as the first family celebrated Thanksgiving.The man was immediately appre...
10:11PM ( 2 days ago )
Obama grants reprieve to turkeys 'Honest' and 'Abe' during White House ceremony
WASHINGTON (AP) — President Barack Obama spared two turkeys named for one of the nation's most admired presidents, continuing a White House tradition that provides a refreshing sense of amusement and...
9:18PM ( 4 days ago )
The Latest: UN Security Council strongly condemns 'horrifying' attack in Mali, urges probe
BAMAKO, Mali (AP) — The latest on the attack on a hotel in the Malian capital of Bamako. (All times local):___4:55 a.m.The U.N. Security Council is condemning "the horrifying terrorist attack" at the...
10:58PM ( 1 week ago )
World leaders vow vigorous response to Paris terror spree, but little indication of next steps
ANTALYA, Turkey (AP) — World leaders vowed a vigorous response to the Islamic State group's terror spree in Paris as they opened a two-day meeting in Turkey on Sunday, with President Barack Obama call...
2:14PM ( 2 weeks ago )