Obama’s Cyber Executive Order Lays Foundation for Mandatory Regulations
February 12, 2013
Late Tuesday, President Obama signed an executive order on cybersecurity that offers industry more carrots than sticks to lay the groundwork for eventually mandating security standards and corresponding privacy protections.
The long-awaited order and accompanying policy directive, which Obama signed before delivering his State of the Union address, call for the Homeland Security Department to lead a voluntary public-private approach to securing private networks.
"America must face the rapidly growing threat from cyberattacks," Obama said in Tuesday's address. "We know hackers steal people’s identities and infiltrate private email. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
Until Congress authorizes new powers, the administration cannot force businesses to shield their computers or disclose computer breaches, which experts say are key to stopping intrusions by increasingly sophisticated actors and hostile nations. The thinking behind the executive order is that taking one year to achieve consensus with industry on voluntary information-sharing and security controls will enable new laws to immediately take effect, whenever Congress acts.