In the hours preceding his State of the Union Address, President Obama signed an Executive Order which will expand public-private sector information sharing in an effort to promote comprehensive cybersecurity progress among critical infrastructure operators and financial institutions. Following this announcement, politicians and business leaders are wondering whether the directive goes far enough and how it might affect parallel legislation being proposed in Congress.
"Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems," Obama explained in his national address. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
The Executive Order involves a two-pronged approach, expanding an existing threat intelligence sharing program to additional sectors and developing a framework of proven standards, practices and procedures for critical infrastructure operators to follow. The initiative will continue to rely on voluntary participation from private sector entities, as the presidential directive can only govern the activities of federal agencies.
Critical response
While bolstering data security practices across critical sectors is a universally accepted objective, consensus on how to reach that end has been lacking. While the Executive Order draws welcome attention to an important issue, some question its substance.
"The Executive Order is about information sharing - it does not even begin to address the real problem, which is that these systems are completely insecure," one private sector security executive told the New York Times.
According to CNET, the motion may also relieve pressure on Congress to pass more forceful and prescriptive legislation. While an amended version of the Cyber Intelligence Sharing and Protection Act (CISPA) will be reintroduced to Congress this week, the controversial bill has met vociferous opposition from private citizens concerned by the lack of private data protection safeguards.
According to PC Magazine, the "one-way street" of information sharing on offer within the Executive Order may not drive progress quite as fast as CISPA might, but partisan debate has restricted more open participation from private sector corporations. While Republicans preached a strategy of incentivization over regulation, Democrats feared the data protection implications of companies like Facebook, Google and others being financially rewarded for turning over internal records.
These concerns are not lost on the administration, however. An addendum to the Executive Order required that all associated initiatives be carried out in alignment with Fair Information Practice Principles built off generally accepted privacy and civil liberties safeguards.