Obama Cyber-Security Order a Good First Step, Experts Say
Regarding threats to critical infrastructure, he said he doesn't expect a cinema-quality "catastrophic" event, but he does believe an agenda of heightened security is worthwhile. Gula explained that 2012 saw the highest-ever number of data-loss public disclosures, but that it was many small companies that had been hit. The big companies, with security measures in place, had remained secure, proving that investments in cyber-security pay off, he said. "That's why I think this is a good thing," he said of the order. "Progress is going to happen." However, the voluntary program of information sharing that the order calls for is tricky, in that it requires a certain balance to be struck, said Daren Orzechowski, a partner in the international law firm White & Case.Lawrence A. Pingree, Gartner research analyst and director, said there's also some wait-and-see in what will result from the request for greater information sharing. "The real question is [whether this will] result in an actual improvement in security by sharing intelligence with the private sector," Pingree told eWEEK. "Largely, we don't know if the classified intelligence will be better than the intelligence we already have. I think we, as security practitioners and researchers, are all on the edge of our seats." The consensus regarding the order seems to be that, at the very least, it can only help. "Like all of us, the Obama administration has seen countries like Iran, North Korea and China demonstrate a willingness to hack into a widening scope of organizations that may grow to encompass critical infrastructure in the future, if the trends continue," Dan Guido, co-founder and CEO of information security company Trail of Bits, told eWEEK. "The executive order will help keep us ahead of where we need to be, so we're prepared when these attacks become more of a reality," Guido said. "Declassification of threat information and protections for sharing information should help shift incentives over the long term." Follow Michelle Maisto on Twitter.
"The executive order leaves much of the work around balancing individual privacy rights and the nation's cyber-security interests to further agency action for creating a voluntary cyber-security framework and program," Orzechowski said in a statement. "We therefore need to stay tuned for the real details."