While congress has yet to reach any sort of lasting solution regarding the nations growing cyber security problems, President Barack Obama has decidedly taken the first big step in an executive order signed earlier today.
The executive order places the National Institute of Standards and Technology with the responsibility of creating cyber security standards for organizations and industries that are of great importance to the country, such as transportation, utilities (water and electric), and healthcare. The department of Homeland Security will then work with businesses and industry groups on a volunteer basis to ensure that the standards are being met properly as well as come up with incentives to get more organizations/businesses on board.
The executive order would also create a new initiative for businesses to share their cyber security data with a centralized organization that could make sense of it, and allow security experts to advise on how to prevent future attacks.
Right now the biggest deterrent in getting businesses and other organizations to get on some kind of standard cyber security plan is that most don’t want to be held liable for security breaches due to failure of these self-imposed regulations. However, if congress passes new legislation regarding cyber security standards, that could change.
Last year the House passed legislation call CISPA, or the Cyber Intelligence Sharing and Protection Act, which would have addressed many of the concerns businesses and other organizations had about a cyber security standards. The bill sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. However, CISPA had few guarantees that it wouldn’t grossly violate an individual’s privacy rights, and initially faced of a presidential veto threat). The White House eventually put a stamp of approval on a revised version of the bill, which failed a vote in the Senate.
Now, that same House bill is tentatively headed back to the floor for another vote Wednesday, meaning congress has one more chance to pass the White House-approved version.
This is an issue that President Obama clearly understand is important (having highlighted it specifically in tonight’s State of the Union address), and his executive order essentially lays the groundwork for the CISPA bill to pass, should that happen.
You can read full text of the cyber security executive order in the document embedded below.