Obama Cyber-Security Order a Good First Step, Experts Say
President Obama's executive order on critical infrastructure cyber-security asks for better information and more sharing. Until then, we wait.President Obama, ahead of his State of the Union address Feb. 12, signed an executive order that calls on the owners and operators of critical U.S. infrastructure to "improve cyber-security information sharing and collaboratively develop and implement risk-based standards." The order also called on the Department of Homeland Security to recommend ways to mitigate security attacks and, among other tasks, for the secretary of homeland security to direct the development of a cyber-security framework that includes a "set of standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks." To the fullest extent possible, the framework will also "incorporate voluntary consensus standards and industry best practices," said the order. "We know hackers steal people's identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems," Obama said during his address. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy." On Feb. 13, the National Institute of Standards and Technology (NIST) responded, saying in a statement that toward the agenda of creating a cyber-security framework, it has issued requests for information from the relevant parties.
"The Framework will not dictate one-size-fits-all solutions, but will instead enable innovation by providing guidance that is technology-neutral and recognizes the different needs and challenges within and among critical infrastructure sectors," NIST said in its statement.