President Barack Obama has issued a much-anticipated Executive Order on cybersecurity. The White House released the executive order after cybersecurity legislation failed in the previous Congress. According to the White House, the order is designed to enhance information sharing, develop best practices, and ensure privacy.
To improve information sharing, the executive order will charge the Department of Homeland Security (DHS) with providing real-time information on cyber threats to companies that manage critical infrastructure as well as state and local governments.
Federal agencies will be required to provide information to companies that are targets of cybercrime. The order also requires DHS to expedite clearances for employees dealing with sensitive and classified information on cyberthreats.
Under the order, the National Institute of Standards and Technology (NIST) will work with private industry to identify “existing voluntary consensus standards and industry best practices.” This step will recognize those companies that already have strong cybersecurity and will put those companies “at the core of informing and driving the development of voluntary best practices.”
The best practices will not advance specific technology but will encourage the use of a range of products and services.
The order requires that government agencies involved in implementing cybersecurity policies incorporate privacy and civil liberties protections.