State of the Union

Obama announces cyber executive order during speech

President Barack Obama announced during the State of the Union address on Feb. 12 that he has signed an executive order on cybersecurity. (White House photo)

President Barack Obama on Feb. 12 signed an executive order on cybersecurity, aiming to strengthen the nation's critical infrastructure through cross-sector information-sharing and a cybersecurity framework. He announced the move in his State of the Union address just before 10 p.m. Eastern Time.

"We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and economy," Obama said. "Now Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks. This is something we should be able to get done on a bipartisan basis."

Accompanied by a presidential policy directive (PPD) that updates 2003's Homeland Security Presidential Directive 7, Obama's plans build on cybersecurity measures already underway throughout the government and industry. They also include new provisions for identifying the most pressing risks, establishing standards and disseminating data on cyber threats.

"It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation and economic prosperity while promoting safety, security, business confidentiality, privacy and civil liberties," the executive order states. "We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards."

The order expands the current defense industrial base information-sharing program that has been in place since 2011 between the Defense Department and some private organizations, including top contractors. The voluntary Enhanced Cybersecurity Services program, which effectively takes the former pilot project a step further, is designed to exchange real-time threat data and help bolster protections.

"This voluntary information-sharing program will provide classified cyber threat and technical information from the government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure," the order states.

The sharing of unclassified information also receives a boost in the order, which directs the attorney general, DHS secretary and director of national intelligence to produce within 120 days guidelines for agencies to produce, quickly disseminate and track unclassified reports on cyber threats.

Obama's directive includes plans to expedite the processes for issuing clearances for cybersecurity experts -- part of broader plans to attract and retain subject-matter experts from outside the government.

Other key themes in the executive order include a focus on a "consultative process" for strengthening U.S. cybersecurity, including the participation of industry, academia, advisory councils and other stakeholders in the development of cyber strategies. There are also provisions for the establishment of voluntary guidance, standards and best practices -- much of which is delegated to the National Institutes of Technology, which is charged with developing a baseline framework.

"The cybersecurity framework shall include a set of standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks," the document states. "The cybersecurity framework shall provide a prioritized, flexible, repeatable, performance-based and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess and manage cyber risk."

Beyond the information-sharing and standardization efforts, the administration puts into place privacy and civil liberties protections based on the Fair Information Practice Principles. Furthermore, under the PPD, Obama also directs government agencies to review, refine and clarify existing cyber efforts, partnerships and regulations, as well as implement integration and analysis capabilities to help with planning and decision-making.

"This endeavor is a shared responsibility among federal, state, local, tribal and territorial entities, and public and private owners and operators of critical infrastructure," a White House fact sheet noted. "While there has been extensive work done to enhance both the physical and cyber security and resilience of critical infrastructure, this PPD will create a stronger alliance between these two intertwined components."

The executive measures, which have been in the works for months, come as the 113th Congress prepares to again take up cybersecurity legislation that failed last fall. On Feb. 13 Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) are expected to reintroduce the Cyber Intelligence Sharing and Protection Act, a controversial bill that last year passed in the House but went no further.

The president also touched on the looming agency budget cuts, though he focused on the broader economic threats that sequestration poses come March 1. "These sudden, harsh, arbitrary cuts would … certainly slow our economy and cost hundreds of thousands of jobs," Obama said. He called on Congress to "work to pass a budget that replaces reckless cuts with smart savings."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


Reader comments

Wed, Feb 13, 2013

There goes the last Media (the Internet) for Freedom of Speech. Another Liberty removed.
