There is no point in judging a State of the Union address by its content. It's all just checklists of random topics with a few verbs tossed in. This year, cybersecurity was nestled in at the end, somewhere between laundry detergent and names of people President Obama managed to get tickets for. Unfortunately the brief mention of cybersecurity will probably just confuse most folks.
Here’s what was said:
"America must also face the rapidly growing threat from cyber attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
"That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks."
Let’s take it from the top:
"Foreign countries and companies swipe our corporate secrets."
And we swipe theirs, which is reasonable under the circumstances. However it does make it difficult to claim we are victims.
"Our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air-traffic control systems."
I remain confused as to how our critical infrastructure, mostly utilities, can be so vulnerable and yet so hard to damage. Also, when did air-traffic control make it onto the list of threatened systems? I'm not saying it isn’t threatened, only that this is the first mention I’ve seen.
"Strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs and our privacy."
Increasing information sharing is a great idea, but there are still some real legal issues to be worked out. Can companies be forced to tell if they’ve been hacked and the hack involves U.S. interests? Doesn’t "U.S. interests" pretty much answer that question? Is sharing such data ever a breach of businesses' fiduciary responsibilities? Can you sue banks, water and electric companies, etc., if you are harmed by a security breach? As a side note, I’m almost positive that the president and I have very different ideas what protecting my privacy actually means.
"Now, Congress must act as well."
[Insert laugh track here.]
Speaking of jokes, I just about spit when I heard this:
"My administration will work with Congress to develop an appropriate legal regime so that our efforts are consistent with our values and our Constitution. . . . I ran for President promising transparency, and I meant what I said. And that’s why, whenever possible, my administration will make all information available to the American people so that they can make informed judgments and hold us accountable."
Mr. President, that appropriate legal regime would be called due process, and it’s been around for a couple of hundred years.