The executive order, similar to previously leaked drafts, calls for the private sector to work –on a voluntary basis– with the government to protect the nation’s critical infrastructure and information from looming cyber threats.
“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront,” stated the E.O. “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”
However, critics of the executive order were quick to claim that it would not provide a clear path forward for maintaining privacy and civil liberties.
“While I am pleased that the president is prioritizing cybersecurity, the executive order he signed today is unable to provide liability protections,” Rep. Michael McCaul (R-Tex.), chairman of the House Homeland Security Committee, said in a statement. “This will stifle threat information-sharing needed to detect and thwart cyber attacks. I am also concerned his order will increase regulations on industry, which would also impede voluntary information sharing.”
But Republican Sens. John McCain (Ariz.), Saxby Chambliss (Ga.) and John Thune (S.D.) expressed concerns that the executive order would not be enough to protect the nation from cyber attacks.
“The president’s executive order cannot achieve the balanced approach that must be accomplished collaboratively through legislation and with the support of the American people,” the senators said in a statement. “As the 113th Congress gets underway, the Senate should follow regular order and craft legislation that will have an immediate impact on our nation’s cybersecurity without adding or prompting regulations that could discourage innovation and negatively impact our struggling economy.”
Speaking for the financial industry, which has faced a number of targeted cyber attacks in recent months, Frank Keating, president and CEO of the American Bankers Association, acknowledged the E.O. as a step in the right direction.
“President Obama’s executive order provides important direction to the public sector on the need to share information associated with threats to our critical infrastructures,” Keating said in a statement. “Banks and other financial services companies… have invested an enormous amount of time, energy and money to put in place the highest level of security among critical sectors, and we are subject to the most stringent regulatory requirements. We look forward to continuing to work with the administration and Congress toward our mutual goal of protecting our nation’s critical assets.”
Defense contractor SAIC also touted the order as “an important first step to increase vital threat sharing across the nation to protect national security.”
“We’re optimistic that this recent focus on securing the critical infrastructure will help to remove the barriers and impediments for commercial organizations to share, as well as help to more rapidly grant approvals to extend the mechanisms needed to protect critical infrastructure so that the pace of approving advanced technology falls in sync with the pace of cyber,” Peder Jungck, chief technology officer for SAIC told ClearanceJobs in a written statement.
“We look forward to partnering with the administration as it implements the president’s executive order to ensure that cybersecurity measures continue to go hand in hand with technology innovation,” said BSA President and CEO Robert Holleyman.
Yet while some companies are already on board to collaborate with the Obama administration, the big focus of the executive order falls on the fact that private sector entities can choose whether they want to work with the government or not. With the voluntary provision in play, the cyber E.O. will undoubtedly raise new debates on Capitol Hill and calls for congressional legislation to make the measures mandatory.