News Column

Cybersecurity Order Fosters Data Sharing

February 13, 2013

By Ron Acohido


President Obama on Tuesday issued an executive order designed to get the federal government and private companies working more closely to protect the nation's critical infrastructure against cyberattacks.

The president signed the widely expected directive just before his State of the Union Address. It was prompted by Congress' failure to pass laws that would compel companies to share information about cyberattacks with federal authorities.

"Last year, there was a wide-open door for cybersecurity legislation, but Congress tried to fit a truck through," says Harriet Pearson, a privacy and information management attorney.

Obama assigned the National Institute of Standards and Technology (NIST) to lead development of a framework for voluntary information-sharing aimed at stemming cyberattacks on water and power plants and other critical systems. A senior White House official, who briefed reporters prior to the speech, said the order was "not a substitute" for new cybersecurity laws, which are still needed.

Jody Westby, CEO of consultancy Global Cyber Risk, says wider sharing of intelligence on what criminals and spies are doing is good. But she worries that NIST could develop an unwieldy framework of mandatory standards for critical infrastructure companies. "This sort of overreaching by the president could result in numerous legal challenges over his ability to usurp the powers of the legislative branch," Westby says.

Chris Bronk, fellow of information technology at Rice University, says voluntary standards implemented by federal agencies will only go so far. "All you're doing is leaving it to the agencies to reallocate existing resources," he says. "It basically just asks for a lot of planning and reporting about what to do next."

The European Commission last week proposed a sweeping Cybersecurity Directive underscoring that "the push for regulation in this area extends well beyond Washington," Pearson notes.

"Information sharing between the government and private companies needs to increase, to improve the cybersecurity ecosystem overall" says Mary Ellen Callahan, chair of privacy and information governance at law firm Jenner & Block.

"Almost everyone agrees that the federal government has a big role to play in cybersecurity," Pearson says. "Companies will be wary of information sharing without liability protection -- which is something only Congress can provide."

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: (c) Copyright 2012 USA TODAY, a division of Gannett Co. Inc.

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters