Combating Cyber-Terrorism: President Issues Executive Order on Improving Critical Infrastructure Cybersecurity
Cybersecurity has been a contentious topic over the past two years in Washington, and not without reason. As cyber and network technology continues to improve, an increasing number of cyber-attacks are being reported against private corporations and government agencies alike. As recently as January, cyber-attacks have affected both the U.S. Sentencing Commission and major news outlets, and resulted in the temporary closing of a U.S. power plant. As technology becomes increasingly interconnected, stakeholders recognize the need to take important steps to ensure the security of information. This has led to a debate over how to implement measures that appropriately balance the needs of numerous stakeholders. The government’s need to protect its IT supply chain must be balanced against the concerns of government contractors and other private entities over increased regulation and appropriation of data rights and other proprietary information.
In the face of continuous legislative stalemate, President Obama yesterday issued a long-anticipated Executive Order (EO) — Improving Critical Infrastructure Cybersecurity — that will have implications for a number of industries, and may reenergize the push for legislation. The EO identifies sectors that will be considered critical infrastructure (CI), requires improvements in government–to-private sector cyber threat sharing, mandates the creation of a voluntary CI Cybersecurity Framework (Cybersecurity Framework) and empowers agencies to reevaluate and improve their cybersecurity regulations based on the Cybersecurity Framework. The EO mirrors much of the Senate compromise bill (S. 3414), which failed to garner the required 60 votes in the Senate last summer.
Renewed legislative attempts to address cybersecurity are also underway. Today, House Intelligence Committee Chairman Mike Rogers and Congressman Dutch Ruppersberger reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) (H.R. 624). Further, it appears that the House Committee on Homeland Security also may introduce cybersecurity legislation in the coming weeks, and several proposed bills are being circulated in the Senate.