Prior to his State of the Union address, President Obama signed an executive order requiring federal agencies to produce unclassified reports of threats to U.S. companies and ensure that those reports are shared in a timely manner. It also opens up a real-time information sharing program that is currently, for the most part, only open to the defense industry. In addition, it requires the Department of Homeland Security’s Chief Privacy Officer to publicly release a report on privacy and digital civil liberty effects of its actions within a year.
According to CBS News, the order also directs the National Institute of Standards and Technology (NIST), a federal agency, to develop a new cybersecurity framework to reduce cyberrisks to critical infrastructure. In addition, it calls on agencies to incorporate privacy and civil liberties safeguards into their cybersecurity efforts and conduct regular, public assessments of those safeguards.
Forbes reports that the “Department of Homeland Security and the Director of National Intelligence will be able to share unclassified threat data with companies that might be vulnerable to attackers, and also share classified information with operators of critical infrastructure–what the order defines as ‘systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact’ on the nation’s security, economy, health or safety.”
The order comes on the heels of House Intelligence Committee Chairman Mike Rogers’ announcement that CISPA, the Cyber Intelligence Sharing and Protection Act, would be reintroduced in the House.
CISPA, which passed the House but did not get Senate approval last time, would remove many of the legal barriers and grant immunity to Internet organizations such as ISPs and social networking companies that share user communications and information with the government.
Unlike CISPA, President Obama’s executive order mandates that while the government would share information and data with the private sector, the reverse would not be the case. CISPA’s lack of privacy restrictions brought it under fire from civil libertarians of every stripe, from the liberal Reporters Without Borders to the conservative Cato Institute.
Forbes reports the American Civil Liberties Union saying, “The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties. For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information.”
Lee Tien of the Electronic Frontier Foundation noted that the President’s executive order isn’t a substitute for legislation because it doesn’t carry the same weight to compel companies and agencies to follow new regulations. President Obama agreed, calling on Congress to enact legislation “to give our government a greater capacity to secure our networks and deter attacks.”
A complete text of the President’s remarks on cybersecurity in the State of the Union address follows:
America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.