New Cybersecurity Executive Order
Hot off the griddle, here’s news courtesy of Nicole Henderson at The WHIR regarding cybersecurity.
Note this: “The executive order says that critical infrastructure does not include ‘commercial information technology products or consumer information technology services.’”
See also this morning’s post on cyber security, “Cyber Security Hotting Up”.
Emphasis in red added by me.
Brian Wood, VP Marketing
President Obama Issues Long-Awaited Executive Order on Cybersecurity
Prior to delivering the State of the Union address on Tuesday evening, President Obama issued an executive order on cybersecurity, a long-awaited move that aims to protect the critical infrastructure in the US through voluntary information sharing, and the development of a cybersecurity framework.
The executive order comes as House Intelligence Committee Chairman Mike Rogers and Rep. Dutch Ruppersberger announced that they would reintroduce the Cyber Intelligence Sharing and Protection Act. CISPA also aims to improve information sharing between companies operating vital infrastructure in the US and government, but many privacy advocates believe the way it deals with personally identifiable information is problematic.
The executive order is not legislation, so it “cannot grant federal agencies and departments any new powers,” a report by The Hill says.
President Obama’s plan includes two main components which aim to drive a stronger tie between critical infrastructure owners and operators and the US government.
The first is new information sharing programs which would mandate federal agencies to produce unclassified reports of threats to US companies in a “timely manner.”
The second is the development of a Cybersecurity Framework which the National Institute of Standards and Technology would work to develop with industry and would rely on “existing international standards, practices, and procedures.” A draft of the framework is due in 240 days and the final version will be published within a year, The Hill says.
Unlike CISPA, the executive order would require agencies to “incorporate privacy and civil liberties safeguards in their activities” based on the Fair Information Practice Principles.
The executive order says that critical infrastructure does not include “commercial information technology products or consumer information technology services,” according to CNET. Instead, it would apply to a subset of industries vital to the US “that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
“The Internet Infrastructure Coalition supports President Obama’s desire to strengthen the security infrastructure of America,” Christian Dawson, founder of i2Coalition, said in a statement. “We look forward to working with the Department of Homeland Security to create a cybersecurity structure that respects the ability of infrastructure providers to innovate new security businesses and one that protects civil rights and an open Internet.”
“America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets,” President Obama said in his State of the Union address. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”