Main Nav

Cybersecurity Executive Order Gaining Momentum

Now that the Obama administration has maintained control of The White House, the effort is intensifying to establish an Executive Order to establish a cybersecurity framework for critical infrastructures and promote information sharing.  With a politically divided Congress -Republicans retaining their majority in the House and Democrats holding on to the control of the Senate - it is unlikely that comprehensive cybersecurity legislation will pass during the lame duck session, especially with bigger issues on the table such as avoiding the fiscal cliff.

EDUCAUSE Policy staff have received a draft of the Executive Order and in a recent meeting with White House staff and other government officials were able to learn more about the substance of the order and the process that is being followed.  The imminent concern and proposed policy of the draft order currently reads as follows:

"The national security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats.  It is the policy of the United States to enhance the protection and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, privacy, and civil liberties."

The preparation of the order is the result of an interagency effort that includes the Department of Homeland Security, Department of Commerce, Department of Justice, and others.  While government officials appear open to input and emphasize the importance of consultation, they warn that due to executive privilege the process is not necessarily as collaborative or deliberative as would be the case in the legislative branch of government.  Nonetheless, there appears to be genuine interest in getting it right and a grave concern that we must move quickly to improve our nation's protection of critical infrastructure.

The information sharing provisions remain the most controversial parts of the proposal, with privacy and civil liberties concerns a key consideration as private sector companies exchange information with the government.  The Executive Order, however, must operate within the confines of existing law and regulatory authority so there is probably little that the government can do to develop incentives or provide for liability protections as a result of the Order.  The government has emphasized that even if an Executive Order is issued that it will continue to pursue comprehensive cybersecurity legislation through the Congress.


Tags from the EDUCAUSE Library