February 13, 2013
Credit: Credit: USAF
U.S. President Barack Obama on Tuesday signed an executive order seeking better protection of the country’s critical infrastructure from cyber attacks that are a growing concern to the economy and national security.
The long-expected executive order, unveiled in the State of the Union speech, follows last year’s failed attempt by the U.S. Congress to pass a law to confront continuing electronic attacks on the networks of U.S. companies and government agencies.
The order, which does not have the same force as law, directs federal authorities to improve information sharing on cyber threats - including some that may be classified - with companies that provide or support critical infrastructure.
Cyber attacks in recent months targeted a succession of major U.S. companies and government agencies, adding fuel to the debate about how the government and the private sector, which runs most of the critical U.S. infrastructure, can best protect sensitive information.
“We know hackers steal people’s identities and infiltrate private e-mail,” Obama said in the address. “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
The new order directs government officials, led by the secretary of homeland security, in the next year to create standards to reduce cybersecurity risks.
The government will offer incentives to encourage companies to adopt them, but because it lacks legal enforcement power, adoption of the so-called Cybersecurity Framework will be voluntary.
To help companies protect themselves, the order also will set up a program to ease delivery of classified cyber threat information to eligible companies. It also calls for expedited security clearances for some company employees who deal with critical infrastructure.
The executive order carries no power to compel companies to reciprocate or to exchange cybersecurity information among themselves. That is one reason why White House officials underscore that the order does not replace legislation that Congress could once again undertake this year.