September 25, 2012
Credit: Credit: Motorola
The White House is preparing to direct federal agencies to develop voluntary cybersecurity guidelines for owners of power, water and other critical infrastructure facilities, according to people who said they had seen recent drafts of an executive order.
The prospective order would give the agencies 90 days to propose new regulations and create a new cybersecurity council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce, a former government cyber-security official told Reuters.
“It tells those who have the ability to regulate to go forth and do so,” said the person, who is currently outside the government and spoke on condition of anonymity in order to preserve access to government officials.
The draft executive order includes elements of what had been the leading cybersecurity overhaul bill in the Senate, which was defeated this summer amid opposition from industries opposed to increased regulation.
Senate Homeland Security Chairman Joe Lieberman, an independent and one of the principal authors of that bill, on Monday urged the White House to issue such an order.
“The Department of Homeland Security has clear authority, if directed by you, to conduct risk assessments of critical infrastructure, identify those systems or assets that are most vulnerable to cyber attack and issue voluntary standards for those critical systems or assets to maintain adequate cybersecurity,” Lieberman wrote to President Barack Obama.
The document has been circulating among the agencies and might go to top officials for their comments as soon as this week, another person involved in the process said.
A spokeswoman for the administration’s National Security Council, Caitlin Hayden, confirmed that an order was being considered but would not provide details. “We’re not commenting on the elements,” Hayden said.