Prior to the State of the Union address this evening, the White House issued an Executive Order addressing cybersecurity, Improving Critical Infrastructure Cybersecurity. The rumored order had been awaited by many wondering what the White House's plan regarding cybersecurity would be in the wake of the failure of legislative efforts such as the Cyber Intelligence Sharing and Protection Act (CISPA) in 2012.
In his address, President Obama made mention of cybersecurity, stating,
America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people's identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
The second sentence in this invocation highlights the growing concern of advocates and the tech community over the characterization of "hacking" and "hackers." This concern has also been a core part of the conversation of the need to revisit the Computer Fraud and Abuse Act (CFAA) in the wake of the death of Internet activist Aaron Swartz.
The lack of a comprehensive infrastructure to deal with cybersecurity threats has left both those who engage in activities that may currently be punishable under the Computer Fraud and Abuse Act, as well as other U.S. laws, with little recourse to protect their own rights, especially in the face of undue or aggressive prosecution. From a national security perspective, this lack of a promulgated framework implicates international legal concerns with how those that may be found to compromise critical infrastructure systems should be treated under the law. The lack of legal characterization of these individuals under international law may implicate human rights concerns.
While the future of cybersecurity is unclear, the national conversation has been jumpstarted and brought to the fore with the mention of the issue in the State of the Union address. The framing of "hackers" brings with it much worry as the administration, Congress and the Department of Justice have failed to bring forth plans that address how to appropriately balance civil liberties and the need to keep systems, both public and private sector, secure.