Obama Inks Cyber Security Order

Wednesday, February 13, 2013 @ 10:02 PM gHale


A new presidential executive order will set the stage to boost the government’s involvement in cyber security for companies that run the electric grid and other key infrastructure.

As has been the case in the past, Republicans who fought back last year against a White House-backed cyber security bill were quick to criticize the executive order, which President Barack Obama unveiled in his State of the Union address, and vowed aggressive oversight of the programs it establishes.

RELATED STORIES
Hackers ‘Declare War’ on U.S.
Big Security Push by DoD
Back to Basics: Security 101
Drive-bys Tops EU Threat Reports

Business groups, which helped lead last year’s opposition to the cyber security legislation, eyed the new executive order warily, and raised concerns the executive action was planting the seeds for future regulation that would require companies to meet certain security standards.

The executive order Obama signed Tuesday directs agencies to develop and implement a program of voluntary cyber security standards for companies running key infrastructure. It also instructs regulatory agencies to determine whether they can make some of those standards mandatory under their current authority.

Cyber security specialists said examples of standards that fall into consideration include making sure antivirus programs are up-to-date, knowing all the points where a company’s network connects to the Internet, or limiting who has widespread access to company networks.

The order takes additional measures to expand private-sector access to government intelligence about cyber threats and instructs agencies to assess whether they should take additional action to shore up computer security for critical infrastructure, which analysts said could open the door to future regulation.

The order instructs the Homeland Security Department to identify companies running infrastructure “where a cyber security incident could reasonably result in catastrophic regional or national effects.” Agencies must report to the president on the extent to which these companies are participating in the voluntary program.

It is unclear how many companies will choose to participate in the program. Because these new programs come from the White House, their effectiveness will largely be a matter of White House muscle.

The standards program could, in effect, influence other markets, said a former Obama administration official. With heavy participation, insurance underwriters may see an opportunity to offer lower premiums to companies that meet or exceed the standards.

Some cyber security advocates said the executive order would do too little. “It is time to stop admiring the problem and fix it,” said Alan Paller, director of research, at the SANS Institute cyber security firm. “The country deserves more.”

Acknowledging the limits of an executive order, administration officials vowed Wednesday to pursue additional measures through legislation. Providing liability protections in exchange for participating in the standards program or sharing threat data with the government, for example, must win approval by Congress.

“It’s a down-payment on legislation,” said White House cyber security chief Michael Daniel at a rollout event Wednesday. “We still ultimately need legislation.”



One Response to “Obama Inks Cyber Security Order”

  1. […] want to subscribe to the RSS feed for updates on this topic.If you haven’t already, check out the ISSSource.com blog post from Greg Hale about U.S. President Barack Obama’s executive order that “directs agencies to develop and […]


Leave a Reply

You must be logged in to post a comment.