State agencies explain Cybersecurity Executive OrderNews
February 14, 2013
Experts from the Department of Defense (DoD), the Department of Homeland Security (DHS), and other government agencies met at the Commerce Department’s Washington, DC, headquarters on Wednesday to explain President Obama’s Cybersecutiy Executive Order (EO) in detail. Leaders from the primary government agencies stressed that the order, which is based on information sharing and a voluntary framework of cybersecurity best practices, will rely heavily on the willingness of private critical infrastructure industries to collaborate against cyber attacks.
The order’s new system of information sharing draws from DoD and DHS intelligence to better inform critical infrastructure companies of potential cyber threats. Under the EO, the Enhanced Cybersecurity Services program is expanded beyond the Defense Industrial Base to enable sharing of real-time classified cyber threat and technical information between the government and participating critical infrastructure companies, while allowing industries to develop and disseminate their own best practices.
Development of the cyber security framework will be led by the National Institute of Standards and Technology (NIST), which will work collaboratively with critical infrastructure players to integrate it amongst proven existing standards, practices, and procedures. Dr. Patrick Gallagher, NIST Director and Undersecretary of Commerce for Standards and Technology, said that the standardized framework will be similar to the collaborative “standards” that allow products in the computer industry to work together, stressing that the term “standard” is not something being imposed.
Within 120 days of the order, the Secretary of Defense will work in collaboration with the DHS Secretary to roll out procedures that expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. Also within 120 days, the U.S. Attorney General, Secretary of Homeland Security, and Director of National Intelligence must issue instructions ensuring the timely production of unclassified cyber threat reports that identify a specific targeted entity. “The EO takes a step towards action,” said General Keith Alexander, Commander of the U.S. Cyber Command and Director of the National Security Agency.
According to officials, getting everyone in critical infrastructure to participate will be the most difficult part of the EO. “This is a down-payment on what we need,” said Gallagher. In order to make the plan most effective “we need quick legislation,” he said.