The Obama administration has been circulating a draft for an executive order focused on protecting the country from cyber-attacks. Following a proposed cybersecurity bill from Sen. Joe Lieberman (I-Conn.) that was blocked last month by Senate Republicans, the new draft proposes to codify standards and suggest best practices for critical infrastructure. The draft proposal has been sent out to relevant federal agencies.
After the first senate bill died, the White House counterterrorism advisor, John Brennan recommended that an executive order be issued to ensure power, water and transportation networks are secure.
“An executive order is one of a number of measures we’re considering as we look to implement the president’s direction to do absolutely everything we can to better protect our nation against today’s cyber threats,” said White House spokeswoman Caitlin Hayden. “We are not going to comment on ongoing internal deliberations.”
The proposed order would use the following system:
• Would setup an inter-agency council led by the Department of Homeland Defense
• Members would include the DOD, Commerce Department and possible other representatives from the Department of Energy, Treasury Department, the attorney general and the director of national intelligence.
• DHS would manage the program.
• Commerce Department’s National Institute of Standards and Technology (NIST) would help to craft the framework of the program and work with private sector companies to develop cyber-security best practices and guidelines.
• DHS would receive guidance from NIST and work with ‘sector coordinating councils’ to determine which industry sectors are considered as critical infrastructure as well as determining what standards the industry participants are to follow.
• It would be left up to the companies to decide what actions they would take to meet the standards.
One of the main issues still under discussion involves the kinds of incentives the government will offer critical infrastructure operators to entice them into the program as the executive branch is limited in the types of incentives that it can offer companies, and much of this power resides within Congress.
Some opponents of the proposed order are not in favor of a join program led by the DHS and point to their previous track record in leading national security efforts.