U.S. President Barack Obama issues a long-awaited executive order aimed at improving cyber security.
The order is designed to promote better protection of the country’s critical infrastructure from cyber attacks that are a growing concern to the economy and national security, according to Reuters and other sources
The executive order follows last year’s failed attempt by the U.S. Congress to pass a law to confront continuing electronic attacks on the networks of U.S. companies and government agencies, said the agency. Here is the full text of “Executive Order — Improving Critical Infrastructure Cybersecurity“.
Though not enshrined in law, the order gives federal authorities the go-ahead to improve improve information sharing on cyber threats with private companies that provide or support critical infrastructure. The executive order will make it easier for people at private companies to get security clearances so classified information can be shared.
US businesses and government agencies have increasingly been the focus of criminal hacking attacks and acts of cyber warfare – believed to be the work of state sponsored foreign agencies as well as home-grown hacktivist groups.
The President also outlined a strategic review of the nation’s cyber defenses with a lead role for the Department of Homeland Security (DHS) in protecting critical U.S. infrastructure, reported Reuters. The DHS will be tasked with setting up a system for sharing cyber threats with private industry and be responsible for protecting critical infrastructure.
As described in Section 7 of the executive ordered titled “Baseline Framework to Reduce Cyber Risk to Critical Infrastructure”, key component of the initiative is a “Cybersecurity Framework” to be developed by NIST with public input, intended to “provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”
FBI Executive Assistant Director Richard McFeely, head of the Criminal, Cyber, Response and Services Branch told Reuters, “Our biggest issue right now is getting the private sector to a comfort level so they can report anomalies, malware, incidents within their network without undue fear of being “outed” as victims.”
Author Rob Waugh, We Live Security