The Obama administration recently released an Executive Order, "Improving Critical Infrastructure Cybersecurity" recognizing cyber threats as one of the most serious national security challenges. For the text of the order, click here.
This action is intended to strengthen the cyber security of the United States by increasing information sharing between the government and critical infrastructure. Critical infrastructure is defined as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
The Order expands existing cyber security programs to enable real-time sharing of cyber threat information to critical infrastructure companies. It also authorizes the National Institute of Standards and Technology (NIST) to work with critical infrastructure to develop a national cyber security framework.
The Order paves the way for new information sharing programs providing both classified and unclassified threat and attack information to U.S. companies. It establishes a voluntary program to promote the adoption of the cyber security framework, while providing for a review of existing cyber security regulations. The Order is not directly aimed at the private sector, but it does require the Department of Homeland Security to identify critical infrastructure, which may include infrastructure owned in the private sector. Moreover, the financial services industry is identified in the Order which observes that financial cyber threats are a national security challenge.
The Executive Office's focus on the potential impact of cyber threats shows a renewed focus on security safeguards, which can have widespread impact across many industries.
