According to Bloomberg, President Obama plans to release an executive order on cybersecurity soon after the State of the Union address. The State of the Union address is scheduled for Tuesday, February 12.
The administration, which has been drafting the order for at least six months, plans to set up voluntary cybersecurity standards for owners and operators of critical infrastructure such as water treatment plants, electric utilities and railway systems.
Here’s an excerpt from the Bloomberg article:
“The administration is preparing the order amid recent cyber attacks including the security breach of a U.S. Federal Reserve website, intrusions at the New York Times and other newspapers attributed to Chinese hackers, and denial-of-service attacks that disrupted websites of U.S. banks.
The order directs federal agencies to consider incorporating the cybersecurity standards into existing regulations, according to the officials. It directs the government to share more information about computer threats with the private sector and issue more security clearances allowing industry representatives to receive classified information, the officials said.”
Recent European actions on cybersecurity
Meanwhile, eWeek and Theverge.com reported on European plans to toughen cybersecurity rules for their important infrastructure. Although the rules are still in draft, the European Commission’s proposals come at an interesting time and show that international concern about cyber is now at an increased level.
“The threat of cyberattacks hasn't just been a concern of the United States, either. The European Union announced a plan of its own yesterday, which would require stock exchanges, banks, hospitals, and other companies to conform to more rigorous network security standards — and could even require companies that control important infrastructure to disclose any attacks publicly. The European proposal is a draft at this point, but if adopted could require US companies that do international business to conform to the standards.”
The European rules would require an audit of all critical infrastructure, and according to one source, this could be very problematic to actually implement.
The Sophos security blog called the European plans a “nice try” – adding that we need, “more clarity on objectives and more specifics on implementation….”
Rogers: America is losing the cyber war
And perhaps the biggest news event of the past week came from the opinion column written for the Detroit Free Press by U.S. Representative Mike Rogers, who articulated the view that America is losing the cyber war vs. China. This article does an excellent job of explaining our current cyber situation in clear, compelling language:
“What is currently happening to American intellectual property may be the largest transfer of wealth in the history of the world. A senior intelligence official recently stated that the amount of stolen intellectual property is equal—and now exceeding-- to that of the entire library collection at the Library of Congress. This activity can no longer just be a cost of doing business with China. China is literally attempting to steal our way of life….
The U.S. government has classified cyber threat intelligence that, if shared with private sector, could help the private sector better defend its own networks. Currently, the vast majority of private sector does not have access to this vital data. Developed in close consultation with broad range of private sector companies, trade groups, privacy and civil liberties advocates, and the executive branch, the bill enjoys the support of virtually every sector of the economy.
With simple, targeted legislation we can make a common-sense change that would take an important step to protect American computer networks from cyber theft and cyber attacks…."
What’s different this time?
Of course, this is not the first time that cyber legislation and White House executive orders have been predicted. Last year, there were many predictions, including mine, of an impending executive order and the impact of possible new laws regarding cybersecurity standards for protecting critical infrastructure.
So what is different this time?
The reelection of President Obama as well as the increasing number and scope of cyberattacks against every sector of the U.S. economy will make more action from the federal government both necessary and inevitable. In my view, we simply cannot keep doing the same things and expect different results.
I believe that U.S. Rep Rogers has it right. Our way of life in America is at stake. As a country, we love our smartphones, cloud computing, innovation and technology in general, but we need to be prepared to do more to protect all sectors of our economy from those who would do us harm. Since Congress seems unable to pass bipartisan legislation on cybersecurity, I am not surprised by this step from the White House. Get ready for an EO on cyber.
What are your thoughts? Is February 2013 the right time for an EO on cybersecurity?
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.