You are here

Amid cybersecurity warnings, Obama unveils 'action plan'

US President Barack Obama unveiled a cybersecurity "national action plan" on Tuesday as his intelligence chief warned of growing risks from new technologies that open more doors to hackers.

[WASHINGTON] US President Barack Obama unveiled a cybersecurity "national action plan" on Tuesday as his intelligence chief warned of growing risks from new technologies that open more doors to hackers.

Mr Obama asked for US$19 billion for cybersecurity efforts in his budget request, a 35 per cent increase from current levels, with US$3 billion earmarked to help modernise the patchwork of computer systems used in government agencies.

"More and more, keeping America safe is not just about more tanks or more airplanes," Mr Obama told reporters at the White House.

"We also have to bolster our security online. As we've seen in the past few years, and just in the past few days, cyber threats pose a danger not only to our national security but our economic security."

US intelligence chief James Clapper underscored those risks at a Senate hearing, pointing out that wider adoption of connected devices and new systems that rely on artificial intelligence can open up doors to hackers.

Mr Clapper said "smart" Internet of Things (IoT) devices for autonomous vehicles, household appliances and systems such as electric power grids create new vulnerabilities.

The intelligence chief named Russia, China, Iran and North Korea as "leading threat actors" which pose risks for US security, and said these risks are growing as technology evolves and moves into new devices.

"Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity... to affect decision making, reduce trust in systems, or cause adverse physical effects," Mr Clapper said.

"Russian cyber actors, who post disinformation on commercial websites, might seek to alter online media as a means to influence public discourse and create confusion. Chinese military doctrine outlines the use of cyber deception operations to conceal intentions, modify stored data, transmit false data, manipulate the flow of information, or influence public sentiments."

The Obama cyber initiative responds to an epidemic of data breaches and cyber attacks on both government and private networks in recent years, and passage last year of a cybersecurity bill that aims to promote better threat sharing.

Mr Obama said some US computer networks are "archaic" and use systems that date back to the 1960s.

"If you've got broken, old systems - computers, mainframes, software that doesn't work anymore - then you can keep on putting a bunch of patches on it, but it's not going to make it safe," he told reporters.

The launch comes after disclosures last year that personal data from some 20 million federal employees, contractors and others had been leaked in a massive breach at the Office of Personnel Management.

That followed news of attacks hitting health care networks, retailers and others affecting tens of millions more, and a devastating cyber attack on Sony Pictures.

Michael Daniel, Obama's special assistant for cybersecurity, said the plan calls for "both the modernization of our IT (information technology) and the modernization of how we handle cybersecurity."

As part of his initiative, Mr Obama issued an executive order creating a 12-member cybersecurity commission to make recommendations to both the public and private sectors.

The panel is to issue a report to the president by December 1.

A White House statement said the plan calls for a new federal chief information security officer to direct cybersecurity across the federal government.

The White House also will join the private sector in a campaign to help consumers improve online security, in part by helping reduce dependence on passwords, which can often be stolen by hackers.

The campaign is about "moving beyond just passwords and adding an extra layer of security," such as biometric identification or multi-factor authentication using a secure code, according to the White House.

The effort includes major technology firms such as Google, Facebook, Dropbox and Microsoft as well as financial service providers such as MasterCard, Visa and PayPal.

Another part of the programme calls for the government to step up security for its own transactions with citizens to avoid password or identity theft, the White House said.

The announcements were made on "Safer Internet Day," designated by governments and technology firms to boost awareness of cybersecurity issues.