President Obama on Tuesday signed two orders tasking federal regulators to enforce cybersecurity standards for banking, telecommunications, energy and other industries, according to White House officials.
An executive order and an accompanying presidential directive make “use of existing authorities and partnerships” with the private sector, said a senior administration official, speaking on condition of anonymity to brief reporters.
The orders give government scientists a year to devise a “baseline framework” for cybersecurity incorporating “voluntary consensus standards and industry best practices,” the official said.
The aim is to protect the computer systems of key industries from cyberattacks by hackers, criminals, spies and enemy states.
The cybersecurity orders, which Mr. Obama highlighted in his State of the Union address Tuesday, were welcomed by the chairman and ranking member of the House Permanent Select Committee on Intelligence.
“We will closely review the President’s executive order once it is released but we agree that our biggest barriers to bolster our cyber defenses can be fixed only with legislation,” Reps. Mike Rogers, Michigan Republican and committee chairman, and C.A. “Dutch” Ruppersberger, Maryland Democrat, said in a statement.
Work on the executive order, which will rely on existing U.S. regulatory authorities and voluntary standards, began last year after Congress failed to pass even one of several bills aimed at improving cybersecurity in the nation’s vital industries.
White House officials say the order is not a replacement for legislation, and lawmakers already have begun to reintroduce several of the bills drafted last year.
Cybersecurity is a complex issue, affecting every government agency and sector of industry — from defense and banking to utilities and health care.
“There have been very lengthy negotiations about [the] roles and responsibilities [of government agencies], especially for the Department of Homeland Security,” former White House cybersecurity coordinator Howard A. Schmidt told The Washington Times.
Mr. Schmidt said the executive order defines “specific responsibilities” for Homeland Security to secure federal computer networks — the .gov domain.
The federal government already has established channels through which to share threat information with 17 key industrial sectors, from banking to telecommunications to transportation.
But Mr. Schmidt said that effort would have to be stepped up.
“Somehow, you need to get a stronger, more intimate relationship” between Homeland Security and the private sector,” he said. “There needs to be better information sharing on threats.”
The executive order directs the Homeland Security secretary to review the information-sharing processes and come up with improvements within 180 days.
Last year’s legislative effort in Congress stumbled over the issue of what authority Homeland Security should have over computer security standards in the private sector.
A bipartisan Senate bill would have given Homeland Security the power to impose cybersecurity standards on the computer networks for vital private sector industries such as oil and gas.
The U.S. Chamber of Commerce, other business lobbies and Senate Republicans fiercely oppose the plan, pointing to Homeland Security’s troubled history in regulating security in the one sector for which it already has responsibility — the chemical industry.
The orders are slated to be unveiled at a special event Wednesday at the Commerce Department.
White House cybersecurity policy chief Michael Daniel and Air Force Gen. Keith B. Alexander, commander of the U.S. military’s Cyber Command and director of the super-secret National Security Agency, will appear with Deputy Commerce Secretary Rebecca M. Blank, Deputy Homeland Security Secretary Jane Holl Lute, and Deputy Attorney General James M. Cole.
• Shaun Waterman can be reached at swaterman@washingtontimes.com.
Please read our comment policy before commenting.