Following his State of the Union address, US President Barack Obama signed an executive order that will allow the his government to share its intelligence on potential cyber threats with private firms.
The Improving Critical Infrastructure Cyber Security order aims to protect infrastructure and utilities providers. Speaking during his State of the Union address, President Obama said: “America must face the rapidly growing threat from cyber-attacks.”
“We know hackers steal people’s identities and infiltrate private email. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” said President Obama.
The new executive order builds on the Defense Industrial Base Cybersecurity Activities program introduced in May last year, which allows private firms with contracts with the Department of Defense to voluntarily share cyber information with the government, and the Enhanced Cyber Security program which enourages businesses to report malicious cyber threats to the Department of Defense.
As well as allowing the government to share its information on cyber threats outside of the defence sector, the new executive order also places the National Institute of Standards and Technology (NIST) in charge of creating framework for private firm’s cyber security measures.
“The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” explains the order. “The Cybersecurity Framework shall provide a prioritised, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”
The President’s executive order is a response to the Cyber Intelligence Sharing and Protection Act (CISPA) which was introduced to the House of Representatives last April, but did not make it through Congress to become law.
Despite drawing criticism from civil rights and privacy groups, and the US Chamber of Commerce, CISPA is expected to be reintroduced to the House of Representatives later this week. The Improving Critical Infrastructure Cyber Security order and CISPA differ in that CISPA demands private firms share online information with the government, potentially exposing customers private data.
When it was first introduced last year, the White House threatened to veto CISPA, saying in a statement: “The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues. However, for the reasons stated herein, if H.R. 3523 (CISPA) were presented to the President, his senior advisors would recommend that he veto the bill.”