President Obama’s Executive Order On Cybersecurity Focuses on Information Sharing

Brief summary of President Obama's Executive Order on Cybersecurity along with comments from EEI.

As you have undoubtedly heard by now, President Obama has signed an executive order regarding cybersecurity. This was done ostensibly to protect infrastructure, like the electrical grid, from cyberattacks or worse yet cyberterrorism. You can read the entire executive order at the White House web site. The second sentence essentially spells out the problem: The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. Scary stuff.

The government plan to deal with this problem concerns mostly the sharing of information. The excutive order states: It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats

Apparently, the government plans to tap people in the private sector who have special talents for dealing with these threats. The order goes on to say:  In order to maximize the utility of cyber threat information sharing with the private sector, the Secretary of Homeland Security shall expand the use of programs that bring private sector subject-matter experts into Federal service on a temporary basis. These subject matter experts should provide advice regarding the content, structure, and types of information most useful to critical infrastructure owners and operators in reducing and mitigating cyber risks.

The order also gets into privacy and civil liberties protections by stating that agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities.

The organization responsible for setting the baseline framework for reducing cyber risk to critical infrastructure is none other than the National Institute of Standards and Technology. The framework will include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. When completed, the Secretary, in coordination with Sector-Specific Agencies, will establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities.

So who is perpetrating these attacks on critical U.S. infrastructure? A glance at Google results for “cyber attacks on U.S.” reveals that hackers are suspected or known to be from countries like Iran and China. The origins of some attacks, though, are still a mystery. Not surprisingly, some attacks still fall under the denial-of-service category, a technique that has been around for quite a while, but still is difficult to defend against.

As for an official response to this latest executive order, the only one I’ve seen so far is from the Edison Electric Institute, which said the following:

The Edison Electric Institute (EEI) shares the President’s goal of protecting critical infrastructure from cyber attacks.  As the only industry subject to mandatory and enforceable cybersecurity standards, the electric power sector already is taking significant steps to protect the electric grid and to work closely with the government to prevent, detect, and respond to cyber threats.  The Executive Order represents another step toward improving government-industry coordination, but it does not preclude the need for congressional action to address statutory changes that will improve information sharing and access to classified information that the private sector needs to serve as the first line of defense in the protection of its critical infrastructure.  EEI and its members look forward to continuing to work with the Administration and Congress to address this national security priority.

Newsletter Signup

Please or Register to post comments.

What's Joe Desposito's Blog?

Blogs by Electronic Design's Editor-in-Chief

Contributors

Joe Desposito

Joe Desposito has held the position of editor-in-chief of Electronic Design since July, 2007. He first joined the publication in 1998 as a technology editor covering test and measurement but quickly...
Commentaries and Blogs
Guest Blogs
Nov 11, 2014
blog

How to Outsource Your Project to Failure 4

This article will address failure to carefully vet a potential manufacturing or “turnkey” partner and/or failure to transfer sufficient information and requirements to such a partner, a very common problem I have seen again and again with my clients over the years, and have been the shoulder cried upon by several relatives and clients in the past....More
Nov 11, 2014
blog

Transition from the Academe to the Industry Unraveled 1

There have been many arguments here and there about how short-comings of universities and colleges yield engineers with skill sets that do not cater to the demands of the industry. There have been many arguments here and there about an imminent shortage of engineers lacking knowledge in the sciences. There have been many arguments here and there about how the experience and know-how of engineers in the industry may vanish due to the fact that they can’t be passed on because the academic curriculum deviates from it....More
Nov 11, 2014
blog

Small Beginnings 5

About 10 years ago I received a phone call from an acquaintance. He had found a new opportunity selling some sort of investments and he wanted to share it with me in case I was interested. Ken had done fairly well for many years as a contract software developer primarily in the financial services sector. His specialty was writing RPG code. (RPG is often referred to as a write only language.) But he was seeing the handwriting on the wall as the industry moved on to other methods, and saw himself becoming a fossil....More

Sponsored Introduction Continue on to (or wait seconds) ×