Obama signs cybersecurity executive order ahead of State Of The Union

Summary: President Obama unexpectedly signed an executive Order on cybersecurity prior to tonight's State of the Union address. UPDATED: Links to the Order and "new" CISPA added.

TOPICS: Security

President Obama signed an executive order aimed at bolstering U.S. cybersecurity prior to tonight's State of the Union address. The Order precedes a House Homeland Security Committee hearing on "new threats."

It is the government's latest move in attempting to deal with cyber threats, and the order has not undergone any public technical, rights-based, or privacy review.

President Obama giving the State of the Union Address. (Credit: CBS News, via broadcast)

The Order "enables the government to share more information with private industry partners and developing a new framework of practices to reduce cybersecurity risks."

President Barack Obama's Improving Critical Infrastructure Cybersecurity Executive Order is to "maximize the utility of cyber threat information sharing" - although the document does not define 'cyber threat', 'cyber intrusions' or exactly what will be shared for its information sharing provisions.

The Order requires the Attorney General, the Secretary of Homeland Security (the "Secretary"), and the Director of National Intelligence to issue implementation instructions within 120 days.

Privacy and digital rights may take a back seat as the assessment of privacy concerns and civil liberties risks is being kept in-house.

The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security will assess the privacy and civil liberties risks of the Order and make 'recommendations' a year after today's signing.

The Order puts the Department of Homeland Security in charge of creating ways to share information between entities, but does not define or explain how this will be done without enacting critical privacy violations of citizens.

The White House has put together this Fact Sheet on the new Order, though the listed items do not include the privacy and civil liberties points in the Order.

As the Order was signed, the Obama administration released a "Presidential Policy Directive."

The Directive is an actualization of the administration's intent to update the national approach to critical infrastructure security.

The directive aims to bridge certain infrastructure's physical security and cybersecurity—likely energy resources, telecommunications, and water systems.

It also puts forth a plan to "identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security."

After tonight's State of the Union address, tomorrow Congress will hold a hearing called "A New Perspective on Threats to the Homeland" to talk about what it will define as new threats, including drug cartel action at the borders and cyber-attacks on infrastructure.

According to sister site CBS News:

The executive order establishes new information sharing between the private and public sectors, providing classified and unclassified threat information to U.S. companies. It requires federal agencies to produce unclassified reports of threats to U.S. companies and requires the reports to be shared in a timely manner. It also opens up a real-time information sharing program, currently open to the defense industry, to other sectors.

The order also directs the National Institute of Standards and Technology (NIST), a federal agency, to develop a new cybersecurity framework to reduce cyber risks to critical infrastructure. It calls on agencies to incorporate privacy and civil liberties safeguards, based in part on the Fair Information Practice Principles, into their cybersecurity efforts and requires agencies to conduct regular, public assessments of their privacy and civil liberties standards.

According to Bloomberg: "The administration has been drafting an executive order on computer security since at least last fall, before the Senate failed in its second attempt to pass Obama-backed legislation to create cyber standards for companies."

News of the order comes just after House Intelligence Committee Chairman Mike Rogers announced last Friday they will reintroduce the controversial CISPA cybersecurity bill—the Cyber Intelligence Sharing and Protection Act—on February 13.

Here is a copy of CISPA as it is now (the bill remains unchanged).

CISPA's primary function is to remove legal barriers that might keep Internet companies from giving all your communication and information to the government, or even to other companies.

It allows "cyber entities," such as Internet service providers, social networks like Facebook and Twitter, and cell phone companies like AT&T, to circumvent Internet privacy laws when they're pressured by U.S. Homeland Security to hand over or shut down almost anything of yours online that the government wants.

No warrant would be needed to access this personal, sensitive citizen data.

CISPA is accurately described as a setup to wipe out decades of consumer privacy protections, giving the U.S. government unprecedented access to individuals' online data and communications.

  • I'm not big on "Frameworks"

    But at least this isn't CISPA, and NIST does have some tech know how (relatively speaking.)

    But that CISPA bill, needs to die a painful, permanent death, and useless idiots like Mike Rogers need to be told that they are useless idiots.
    • That is what you think

      .... how much you want to bet that this is about the same ... with a different name?
      • Because it isn't

        Most privacy groups seem OK with it and more pro-active cyber warfare types think it doesn't go far enough, so it seems to have hit a middle ground.
    • You can't stop CISPA

      The people who it will affect mostly don't understand or don't care, so who will be left to fight it? The masses already volunteer away their privacy on FB and Twitter, what makes you think anyone's going to bat an eye over CISPA?
    • Someone here said "At least this isn't CISPA..." Let's address this.

      One of the commenters said "At least this isn't CISPA." You are taking the approach, at least implicitly, that the Executive Order style to net governance is somehow good. Then someone jumped in and said "most privacy groups seem OK with it" -- if by most privacy groups, you mean the @ACLU, they are being roundly condemned already for their quick blessing of the Executive Order. As for the commenter who thought that "most pro-active cyber-warfare types don't think it goes far enough" in terms of CISPA or the CISPA Executive Order, you obviously must not have tuned into the strong objections of many of the cybersecurity community during the panels relating to offensive defense at #SnSDC, or else you would not have made that comment. In fact, the Executive Order arguably isn't even legal, as was pointed out in my comments on a ZDNET article before the Executive Order was even publicly released (at which time I had managed to read a copy of it anyway). Comments are here http://www.zdnet.com/privacy-killer-cispa-is-coming-back-whether-you-like-it-or-not-7000011056/ and also on reddit, here: http://redd.it/189mau Happy reading.
      • It was one comment I made

        That said both. Besides the ACLU, the Electronic Frontier Foundation is also OK with it, so I'm not so sure about your "roundly condemned" claim. As far as who has been claiming that it doesn't go far enough, there are plenty of examples of that, including even here at ZDNet where David Gewirtz thought Obama didn't go far enough. As far as the Suits n Spooks crowd goes, to be blunt, I consider them to be part of the problem so their opinions mean nothing.
  • So, this may explain..

    An almost doubled 'hit-rate' against my router since the 7th of this month.. DISA, NASA, UofMaryland, SUNET/NORDNET, China, UofMichigan, etc.. Traffic is on the upswing for open ports, or similar... Lots of interested parties, looking for any/all paths into my servers, machines.