US organizes cyber threat response

Spy agencies would share data with companies

WASHINGTON — A new White House executive order would direct US spy agencies to share the latest intelligence about cyber threats with companies operating electric grids, water plants, railroads, and other vital industries to help protect them from electronic attacks, according to a copy obtained by the Associated Press.

The seven-page draft order, which is being finalized, takes shape as the Obama administration expresses growing concern that Iran could be the first country to use cyberterrorism against the United States.

The military is ready to retaliate if the United States is hit by cyberweapons, Defense Secretary Leon Panetta said.


But the United States also is poorly prepared to prevent such an attack, which could damage or knock out critical services that are part of everyday life.

Get Ground Game in your inbox:
Daily updates and analysis on national politics from James Pindell.
Thank you for signing up! Sign up for more newsletters here

The White House declined to say when the president will sign the order.

The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyber threats that identify a specific target.

With these warnings, known as tear lines, the owners and operators of essential US businesses would be better able to block potential attackers from gaining access to their computer systems.

An organized, broad-based approach for sharing cyber threat information gathered by the government is widely viewed as essential for any plan to protect US computer networks from foreign nations, terrorist groups, and hackers. Existing efforts to exchange information are narrowly focused on specific industries, such as the finance sector, and have had varying degrees of success.


Yet the order has generated stiff opposition from Republicans on Capitol Hill who view it as a unilateral move that bypasses the legislative authority held by Congress.

Administration officials said the order became necessary after Congress failed this summer to pass cybersecurity legislation, leaving critical infrastructure companies vulnerable to a serious and growing threat.

Conflicting bills passed separately by the House and Senate included information-sharing provisions.

But efforts to get a final measure through both chambers collapsed over the GOP’s concerns that the Senate bill would expand the federal government’s regulatory power and increase costs for businesses.