Obama's cybersecurity executive order issued for critical infrastructure

Robert Richardson, Editorial Director

President Barack Obama issued the long-awaited cybersecurity executive order for

    Requires Free Membership to View

Improving Critical Infrastructure Cybersecurity Tuesday evening. Aimed at improving public-private information sharing, the directive creates voluntary cybersecurity standards and best practices. Congress is today taking up a bill, a new version of the previously dropped Cyber Intelligence Sharing and Protection Act, which tackles many of the same concerns.

Within 120 days, the order states, "the Attorney General, the Secretary of Homeland Security (the "Secretary"), and the Director of National Intelligence shall each issue instructions consistent with their authorities …to ensure the timely production of unclassified reports of cyber threats."

The order tasks the National Institute of Standards and Technology to oversee the development of a risk assessment and best practices document, referred to as the Cybersecurity Framework, within the next year. Additional deliverables called for by the directive include an update to the National Infrastructure Protection Plan and the completion of a national critical infrastructure security and resilience research and development plan within 2 years.

There has been criticism of the president's decision to approach the matter via an executive order, rather than allowing legislators to tackle the matter, even though prior legislation has failed to survive both houses. Senator Charles Grassley was quoted in The Washington Post saying, "Just because Congress doesn't act doesn't mean the president has a right to act."

Others are concerned about whether the order actually gets anything done. A post at Kaspersky's Threatpost blog noted that, "What the order does not include are any mandates, required changes or a plan for significant action."

But at least one observer believes the president's action at least sets a new tone. Jagat Shah, CTO of Columbia, Md.-based SIEM vendor EventTracker, believes that "When the White House weighs in and makes a move like this, it definitely creates a greater awareness about an ongoing and serious problem. Most government agencies and contractors who support them are required to follow guidelines and standards to protect infrastructure, but cybersecurity projects have been on the back burner for the last few years. This order is now requiring them to assign the necessary resources and budget to implement long-needed cybersecurity guidelines and standards."

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: