Even though Congress failed to approve a cyber-security bill last year, President Barack Obama is apparently moving ahead with his plan to issue his own executive order on the controversial topic.
News reports said Obama this week will sign an executive order detailing standards for critical infrastructure and key industries in case of cyber attacks. It will also include details on information-sharing between the business sector and the government, CNN reported.
Obama would like to see the current Congress to pass a bill on the topic – which would likely be more far-reaching.
The topic may come up during Tuesday night’s State of the Union address – to be given by Obama. The order may come out on Wednesday.
“‘Our biggest issue right now is getting the private sector to a comfort level so they can report anomalies, malware, incidents within their network’ without undue fear of being ‘outed’ as victims,” FBI Executive Assistant Director Richard McFeely told Reuters.
Under the expected presidential order, the Department of Homeland Security (DHS) would reportedly have the lead role in protecting critical U.S. infrastructure.
U.S. critical infrastructure is largely operated by the private sector. Yet many Republicans want the Department of Defense to have the key role to protect critical infrastructure.
Under the order, businesses would collaborate with the National Institute of Standards and Technology to develop standards for cyber security, and then businesses and regulators would derive ways to implement the standards, Reuters said.
It appears the standards are voluntary unless businesses are involved in critical infrastructure.
Last October, Obama signed a limited “secret directive” to prevent cyber attacks on computer networks.
The Washington Post said the document signed by the President is “Presidential Policy Directive 20,” and lists standard procedures for government agencies, including the military, to combat cyber threats.
In other parts of the world, cyber security is an important issue as well. The British government has joined other nations and individual companies in a World Economic Forum initiative to prevent cyber attacks.
The U.K. government signed the Partnering for Cyber Resilience document, TechZone360 said. It involves over 70 companies and governments across 25 nations. It includes several principles on technology risks. Some of these relate to cooperation against cyber threats; more risk management to increase cyber security; and getting partners and suppliers to adopt the principles.
Several companies have signed the document, such as Gemalto, which provides digital security. Other business members are ABSA, BT, HSBC, TATA consultancy services, Thomson Reuters and Visa.
In addition, this month a new proposal would expand Europe’s response to cyber incidents far beyond current requirements.
“Under our proposal, sectors using telecoms networks in ways vital to our economy and society – energy, transport, banking, healthcare, and key Internet companies – would have to manage risks and report significant incidents, as we already require for the telecoms sector,” Neelie Kroes, vice president of the European Commission responsible for the Digital Agenda, said in a recent speech.
The nations that comprise the European Union would also need to identify authorities for network and information security, as well as computer emergency response teams, according to the plan. Information would be shared among member states and there would be other forms of cooperation.
Businesses would have a role to play as well.
There has been mounting concern about cyber threats coming from such nations as Iran and China. Cyber-espionage is also seen as an increasing economic problem for the United States and elsewhere, The Associated Press reported.
Edited by Braden Becker