CybersecurityObama to issue cybersecurity executive order today

Published 13 February 2013

President Barack Obama is expected to issue an executive order tomorrow to dealing protecting U.S. critical infrastructure from cyberattacks. The order will be issues one day after the president’s State of the Union address. The order will establish a critical infrastructure council which will be run by DHS and will include members of the Departments of Defense, Justice, and Commerce as well as the National Intelligence Office. The council will be tasked with formulating new regulations for federal agencies, or broadening regulations  already in place. The regulations will most likely include the sharing of data between private corporations and the federal government.

President Barack Obama is expected to issue an executive order tomorrow to dealing protecting U.S. critical infrastructure from cyberattacks. The order will be issues one day after  the president’s State of the Union address.

TheHill reported yesterday that two officials familiar with the situation confirmed that the executive order would be issued Wednesday.

USA Todayreports that  Jay Carney, the White House spokesman, would not offer any details. “You know that the President believes that cybersecurity is a very important issue,” Carney told reporters. “It represents a huge challenge for our country. He has called on Congress to take action. Unfortunately, Congress has thus far refused legislatively.”

Gant Redmon, the general counsel at Co3 systems, said he expects Obama to “highlight the benefits for industry in terms of threat intelligence to be made available to domestic targets.”

A preliminary draft of the order, which was leaked last September, show the  order calling for the establishment of a critical infrastructure council which will be run by DHS and will include members of the Departments of Defense, Justice, and Commerce as well as the National Intelligence Office.

The council will be tasked with   formulating new regulations for federal agencies,  or broadening regulations  already in place. The regulations will most  likely  include the sharing of data between private corporations and the federal government.

“Information sharing between the government and private companies needs to increase, to improve the cybersecurity ecosystem overall,” Mary Ellen Callahan, chair of privacy and information governance at law firm Jenner & Block told USA Today. “The information sharing element will be voluntary, but hopefully encourage more private sector-government communications on these very real threats.”

Jody Westby, CEO of Global Cyber Risk, said that there were around forty cybersecurity bills in the last Congress, and sixty in the one before, but not a single one passed.

“Congress was hog-tied because it had an insufficient understanding of the problem and tried to force mandates, disguised as voluntary measures, on the private sector and got blocked by the U.S. Chamber,” Westby told USA Today. “That indicates to me that there are fundamental problems with the legislation, the need for it, and in understanding the problems.”

Westby cautioned, though, that Obama should not use his power simply because he is frustrated with Congress not coming to an agreement on cybersecurity legislation. “This sort of overreaching by the President could result in numerous legal challenges over his ability to usurp the powers of the legislative branch,” Westby said. “Just because he is frustrated with Congress does not mean that he can step on the separation of powers. His job is to enforce laws, not enact them.”

F. Ward Holloway, vice president of business development at FireMon said he would support Obama’s order if it leads to a “concrete action plan to help reduce and eliminate breach events” that are occurring daily and receiving more public attention.

Specifically, there needs to be a commitment to moving to a proactive versus reactive network security posture,” Holloway told USA Today. “The technology already exists to do this.”