Draft White House cyber order signals pending re-org

A draft of a new executive order on cybersecurity hints at new organizational changes and legal authorities aimed at strengthening civilian agency networks' cybersecurity capabilities.

The draft order, published by the Washington Post on Jan. 26, tells federal agencies to begin a review of the most pressing cybersecurity issues. It also calls on the Department of Homeland Security to report on "enhanced protections" for the most critical federal government, public and private infrastructure within 60 days.

One finding in the draft order suggests possible reorganization of some departments charged with protecting civilian and government critical infrastructure.

"The executive departments and agencies tasked with protecting civilian government and infrastructure are not currently organized to act collectively/collaboratively, tasked or resourced, or provided with legal authority adequate to succeed in their missions," it said.

That might be good news for DHS' stalled plan to reorganize and rename the National Protection and Programs Directorate the Cybersecurity and Infrastructure Protection Agency and bind cyber and physical security capabilities more closely to better reflect the links between security threats. The plan stalled on Capitol Hill in the fall. Rep. Michael McCaul (R-Texas), the chairman of the House Homeland Security Committee, is expected to reintroduce the legislation to reprogram NPPD.

The order might mean less of a role for the Office of Management and Budget, which currently plays a leading role in civilian cybersecurity. No one from OMB, including the federal CIO, is tasked with a senior role. Under the Obama administration, the governmentwide cybersecurity goal was led by cybersecurity coordinator Michael Daniel and senior officials from the Defense Department and DHS, along with Federal CIO Tony Scott.