Obama’s Cybersecurity Executive Order for 2013

The reaction to President Obama’s decision to issue an executive order regarding cybersecurity in the U.S. has, perhaps unsurprisingly, been met with a mixed response.  Many different groups have expressed criticism of the order.  Some say that it doesn’t go far enough, and that it doesn’t provide enough protection. Still other groups say that the order puts too much regulation on businesses.

The executive order does many things. It defines the criteria for being considered critical infrastructure and sets up an interagency process for policy coordination, guidance, and dispute resolution. It will incorporate voluntary standards and provide measurable ways to protect infrastructure.  The act also has put into place protections for business confidentiality, privacy of the individual, and civil liberties.   The development of this framework will be led by the National Institute of Standards and Technology.  The preliminary version of the framework will be published within 240 days and the final version must be published within one year.

It is important to note that adoption of the framework by the private sector will be mandatory. Most agree that something must be done to protect the infrastructure of the U.S. from the threats posed by cyberwarfare. Additionally, the President has indicated that he was forced to act because of the inaction of Congress.  Since announcing the executive order, Congress has reintroduced controversial legislation of their own. The Cyber Intelligence Sharing and Protection Act (CISPA), had been introduced last year and eventually withdrawn due to strong opposition.

Some groups such as the U.S. Chamber of Commerce oppose the executive order on the grounds that the order imposes too much regulation.  Still others, like the advocacy group the Constitution Project, have indicated that they believe the executive order poses “far fewer threats” to privacy rights than the act that was introduced in Congress.

[Image via thetechblock]