President Obama on Tuesday issued an executive order designed to get the federal government and private companies working more closely to protect the nation's critical infrastructure against cyberattacks.
The president signed the widely expected directive just before his State of the Union Address. It was prompted by Congress' failure to pass laws that would compel companies to share information about cyberattacks with federal authorities.
"Last year, there was a wide-open door for cybersecurity legislation, but Congress tried to fit a truck through," says Harriet Pearson, a privacy and information management attorney.
Obama assigned the National Institute of Standards and Technology (NIST) to lead development of a framework for voluntary information-sharing aimed at stemming cyberattacks on water and power plants and other critical systems. A senior White House official, who briefed reporters prior to the speech, said the order was "not a substitute" for new cybersecurity laws, which are still needed.
Jody Westby, CEO of consultancy Global Cyber Risk, says wider sharing of intelligence on what criminals and spies are doing is good. But she worries that NIST could develop an unwieldy framework of mandatory standards for critical infrastructure companies. "This sort of overreaching by the president could result in numerous legal challenges over his ability to usurp the powers of the legislative branch," Westby says.
Chris Bronk, fellow of information technology at Rice University, says voluntary standards implemented by federal agencies will only go so far. "All you're doing is leaving it to the agencies to reallocate existing resources," he says. "It basically just asks for a lot of planning and reporting about what to do next."
The European Commission last week proposed a sweeping Cybersecurity Directive underscoring that "the push for regulation in this area extends well beyond Washington," Pearson notes.
"Information sharing between the government and private companies needs to increase, to improve the cybersecurity ecosystem overall" says Mary Ellen Callahan, chair of privacy and information governance at law firm Jenner & Block.
"Almost everyone agrees that the federal government has a big role to play in cybersecurity," Pearson says. "Companies will be wary of information sharing without liability protection -- which is something only Congress can provide."
Most Popular Stories
- SEO Traffic Lab Celebrate Wins at Digital Marketing Event 'Internet World 2013' in London
- Social Media Initiatives Should Follow Customers' Lead
- Apple CEO: Offshore Units Not a 'Tax Gimmick'
- U.S. Senate Accuses Apple of Large-scale Tax Avoidance
- UTEP Water Recycling Project Wins Venture Titles
- Marketo Makes a Mint in IPO: Stock Shoots Up More than 50 Percent
- Bieber Booed at Billboard Awards
- Crude Oil Up, Gasoline Down
- Austin Startup Compare Metrics Raises $3.5 Million for Expansion
- Why So Many Top 'Car Guys' Are Actually Women