The federal government is making significant progress in implementing an executive order to improve critical infrastructure cybersecurity, according to a key White House official.
The order, which President Obama issued in February, calls for increased cyber threat information-sharing with industry, the adoption of cybersecurity best practices and standards, and enhanced privacy protections.
“I think it’s going incredibly well and I’m very pleased with the level of participation from industry that we’re seeing and how that is developing,” said Michael Daniel, a special assistant to the president and the White House cybersecurity coordinator.
Addressing a cybersecurity summit last week in Washington, D.C., Daniel said the federal government is improving the quality, timeliness and volume of information it provides to the private sector. It is accelerating the provision of clearances to critical infrastructure owners and operators; declassifying as much information as possible; and expanding the number of companies approved to receive threat information and use it to offer services to critical infrastructure entities.
The National Institute of Standards and Technology (NIST) has published a draft voluntary framework of standards and industry best practices for reducing cyber risks to critical infrastructure, and the next draft is on track to be published in mid-October, Daniels said. The government is developing incentives for adopting the framework. Areas being looked at include spurring an insurance market for cybersecurity, looking at how to build cybersecurity into federal grants, streamlining regulations and instituting public recognition programs.
The federal government has also completed a list of critical infrastructure at greatest risk of cyber threats and is in the process of notifying entities that are on the list, Daniels reported.
“As you might imagine, we’re not actually going to publish the list since we don’t intend to actually give our adversaries a target list,” he said.
In the privacy arena, the government is looking at how to ensure that privacy and civil liberties protections are built into everything it does in cybersecurity, Daniels said. A report on these efforts is due in February.
Daniel outlined several “particularly troubling” trends facing government and industry. Cyber attacks are becoming more destructive, sophisticated and easier to mount. In addition, the threat is becoming “broader and more diverse” as the number and types of devices connected to the Internet continue to grow.
“Pretty soon, your coffee machine will be a threat vector,” he said. “Your refrigerator — you’ll have to worry about whether somebody’s hacking in.”
