After numerous delays and debates, United States President Barack Obama has finally signed the long-awaited cybersecurity executive order.
The executive order highlights the fact that “cyber threat to critical infrastructure continues to grow” and that the country’s national and economic security depends on the reliable functioning of these systems.
As expected, the Department of Homeland Security (DHS) will be tasked with developing a voluntary information sharing program that “will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.”
According to a fact sheet, there are three strategic imperatives: refining and clarifying functional relationship across the federal government, enabling effective information exchange, and implementing an integration and analysis function aimed at informing planning and operations decisions regarding critical infrastructure.
In order to accomplish these tasks, the White House says there are six steps that must be taken. For each one of them, a deadline has been given.
For instance, in a maximum of 120 days, the functional relationships within the Department of Homeland Security and across the federal government related to critical infrastructure resilience and security must be described.
Within 150 days, the existing public-private partnership model must be assessed and recommendation for its improvement must be made.
Within 2 years, the national critical infrastructure security and resilience research and development plan must be completed.
President Obama emphasizes the fact that the measures taken must not pose any risks to civil liberties and privacy.
The order does not provide any details, but the chief privacy officer and the officer for civil rights and civil liberties of the Department of Homeland Security (DHS) are given one year to assess the privacy and civil liberties risks of the functions and programs undertaken by DHS.
Within this year, they must release a report that will be made publicly available.