President Obama on Tuesday issued an executive order designed to get the federal government and private companies working more closely to protect the nation's critical infrastructure against cyberattacks.
The president signed the widely expected directive just before his State of the Union Address. It was prompted by Congress' failure to pass laws that would compel companies to share information about cyberattacks with federal authorities.
"Last year, there was a wide-open door for cybersecurity legislation, but Congress tried to fit a truck through," says Harriet Pearson, a privacy and information management attorney.
Obama assigned the National Institute of Standards and Technology (NIST) to lead development of a framework for voluntary information-sharing aimed at stemming cyberattacks on water and power plants and other critical systems. A senior White House official, who briefed reporters prior to the speech, said the order was "not a substitute" for new cybersecurity laws, which are still needed.
Jody Westby, CEO of consultancy Global Cyber Risk, says wider sharing of intelligence on what criminals and spies are doing is good. But she worries that NIST could develop an unwieldy framework of mandatory standards for critical infrastructure companies. "This sort of overreaching by the president could result in numerous legal challenges over his ability to usurp the powers of the legislative branch," Westby says.
Chris Bronk, fellow of information technology at Rice University, says voluntary standards implemented by federal agencies will only go so far. "All you're doing is leaving it to the agencies to reallocate existing resources," he says. "It basically just asks for a lot of planning and reporting about what to do next."
The European Commission last week proposed a sweeping Cybersecurity Directive underscoring that "the push for regulation in this area extends well beyond Washington," Pearson notes.
"Information sharing between the government and private companies needs to increase, to improve the cybersecurity ecosystem overall" says Mary Ellen Callahan, chair of privacy and information governance at law firm Jenner & Block.
"Almost everyone agrees that the federal government has a big role to play in cybersecurity," Pearson says. "Companies will be wary of information sharing without liability protection -- which is something only Congress can provide."
Most Popular Stories
- Rackspace Ends Talks About Possible Acquisition
- Mercedes Rolls Out S550 Plug-in Hybrid
- Missouri GM Plant Adding 750 jobs
- Poverty Rate Drops for First Time Since 2006
- Aaron Hernandez: I Felt Helpless to Refuse Police
- Parameters Being Drawn for IS Action
- Cedeno Named USHCC Businessman of the Year
- Anheuser-Busch, Visa Voice NFL Disapproval
- Can Kobach Keep Taylor's Name on Ballot?
- Two-thirds of Hispanics Doubt Media Accuracy