President Barack Obama on Tuesday signed a much-anticipated executive order intended to develop the nation’s defenses against cyberattacks, but the effort has already raised constitutional and regulatory concerns.
The order, called “Improving Critical Infrastructure Cybersecurity,” establishes a two-year timeline during which the federal government will determine what constitutes critical “physical or virtual” infrastructure, and establish security standards to keep those assets safe.
The order also attempts to take into consideration privacy and civil liberties concerns that have caused digital-rights activists to continue to lobby legislators against rushing into creating laws to regulate the Internet.
The development of the standards — called the “Cybersecurity Framework” —- will be led by the director of the National Institute of Standards and Technology (NIST).
“The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” says the order.
A “Cyber Information Sharing” section of the order also calls for the secretary of homeland security, the attorney general and the director of national intelligence to each issue unclassified reports on cyberthreats against the U.S.
The order, which comes at a time when cyberattacks on the federal government and private companies are reportedly on the rise, was accompanied with a Presidential Policy Directive to provide guidance on the execution of the order.
During the State of the Union Address on Tuesday evening, Obama stated, “America must also face the rapidly growing threat from cyberattacks.”
“We know hackers steal people’s identities and infiltrate private e-mail,” said Obama.
“We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”
“We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” he added, urging Congress to pass legislation to accompany the order.
House Homeland Security Chairman Michael McCaul responded favorably to the order, stating that he was “pleased that the president’s executive order establishes the Department of Homeland Security as having a lead role in cybersecurity—to rapidly disseminate both unclassified and classified cyber threat reports, to strengthen public-private partnerships and to coordinate national protection of our critical infrastructure.”