President Obama vowed during the 2008 campaign to protect the country from cyber threats -- everything from hackers stealing consumers' online information to terrorists tampering with water systems and electric grids. Four years in, the White House has made progress on its goal of implementing a comprehensive strategy but not enough to say we're ready should a cyber terrorist strike.

For evidence, the White House pointed us to the Comprehensive National Cybersecurity Initiative, a set of goals launched during George W. Bush's administration and furthered by the Obama White House.

With funding through federal law enforcement, intelligence agencies and the Defense Department, the initiative sets specific objectives including coordination of research efforts in cybersecurity, deploying "intrusion detection” systems to alert officials of coming threats and increasing the security of classified networks.

The Obama administration in February 2012 also unveiled its plan to protect consumers' privacy online, emphasizing voluntary compliance from companies that handle people's personal data. (PolitiFact has that promise separately rated In the Works because those consumer protections are not solidified in law.) Obama promised to create a cybersecurity coordinator to oversee federal efforts and report directly to the president. Obama appointed Howard Schmidt to the post in 2009, though the position is not directly under the president. We rated it a Compromise.

We checked with Susan Landau, a cybersecurity expert and visiting scholar at Harvard University, for her insights on how Obama has done on creating a comprehensive strategy. She pointed to the National Strategy for Secure Identities in Cyberspace for protecting consumers and the International Strategy for Cyberspace, an outline for nations to promote secure vital networks while opening Internet access as a means of economic prosperity.

So that's what has happened. What hasn't happened: a change in law.

The Cybersecurity Act of 2012 failed repeatedly to pass Congress in 2012. The large-scale measure would have created security standards for owners of the most vital computer networks and provided protection from lawsuits to companies that voluntarily comply with the standards. But Republicans and critics in industry opposed the bill, saying it would have allowed the government to be overly involved in creating security standards on private business and that the liability protection was insufficient. The Republican-led House also passed a series of smaller measures that would not have created any new rules for businesses, but those went nowhere in the Senate.

With no progress on Capitol Hill, reports emerged that the Obama administration was considering an executive order regarding cybersecurity. That order has yet to be issued though, and it's unclear how much authority Obama could wield on securing private computer networks and the like.

George Smith, an expert on the science and technology of national security at GlobalSecurity.org, expressed doubts about the order's potential.

"It was all wishy-washy stuff without much meaning or any means to compel anyone in the infrastructure to do things it had argued were needed,” he said in an email to PolitiFact. "Plus, you had to buy all the arguments the current administration makes about cybersecurity and the potential impacts of cyberwar attacks, which not everyone does.”

Added Landau: "These are not easy problems, and the fixes are technical, policy, and legal, making the challenges even greater.”

Despite Obama's efforts so far on implement a strategy to prepare the country for cyber attacks, it's clear there is still a long way to go. We'll continue to watch for any legislative action by the new Congress and leave this rated In the Works.