Executive Order – Improving Critical Infrastructure Cybersecurity

The White House issued a press release on February 12, 2013 that included the President’s Executive Order on cybersecurity.  The Order is the administration’s initiative to work “in partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement
risk-based standards.”

Digital Globe

This Executive Order fills something of a void left by orphaned Congressional proposals.  Earlier legislative proposals were criticized as  not going far enough to protect consumer’s privacy interests (data collection issues); other proposals were criticized as being too heavy-handed on the so-called critical infrastructure entities (requiring utilities, transportation/shipping to share data).  The Order specifically cites “Critical infrastructure,” without specifically defining what/who is included in that group. Commentators believe the initiative will affect a great deal of economic activity, not to mention the broadest possible spectrum of relevant technologies.  The Order also incorporates the FIPPs – Fair Information Privacy Principles, which are a set of eight principles rooted in the tenets of the Privacy Act of 1974.


The National Institute of Standards and Technology have already instituted a new cybersecurity framework in conjunction with the Order.  This is a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers that NIST says are vital to the nation’s economy, security and daily life.   http://www.commerce.gov/news/press-releases/2013/02/13/national-institute-standards-and-technology-initiates-development-new

For further comments, see:


And, see renewed Congressional effort: The President’s Executive “order allows the sharing of government data with the private sector, the data sharing doesn’t flow back the other way. That means the order, unlike CISPA, doesn’t raise the hackles of privacy groups that have protested that CISPA could grant immunity to private sector firms who want to share their user’s personal information with the government.”  CISPA is Cyber Intelligence Sharing and Protection Act; the legislation passed the House last year but did not reach a vote in the Senate.

For further details:


See also: http://www.pcmag.com/article2/0,2817,2415413,00.asp