From: Financial Times
By Stephanie Kirchgaessner in Washington
The White House is set to order stronger cybersecurity measures by the end of this month as a rash of unprecedented cyber attacks against financial institutions and energy companies are prompting some big companies to rethink the need for government intervention.
The executive order will call for information sharing and co-operation between the private sector and government and create a new – but voluntary – set of standards for companies that operate critical US infrastructure.
Big business lobbyists quashed an effort to pass a comprehensive cybersecurity law on Capitol Hill last year, but the attacks – some reportedly orchestrated by Iran – have caused companies to reconsider, some experts said.
“We tried to do cybersecurity legislation pre- and post-9/11 and what was challenging was that the private sector was reluctant to share information and so was the government,” says Kiersten Todt Coon, a former senior staff member of the Senate homeland security committee and now president of Liberty Group Ventures.
But after a slew of attacks that Ms Todt Coon said were committed with a level of “diligence and intensity” that the financial sector in particular had never experienced before, there was a new sense of “we need your help and we need to work together”.
The executive order does not target routine attacks against private companies by hackers. Rather, it is an effort to prevent catastrophic attacks and build more resilient systems for operators of critical infrastructure. The exact definition of what will be included have yet to be determined, but it is expected to include the electrical grid, financial services, chemical companies, oil and gas groups, and the water supply.
Some groups who have worked with the White House say the order could be released as early as this week and anticipate that President Barack Obama could mention it in his State of the Union address on February 12 as a sign of the gravity of the issue. The White House declined to comment on the order.
A November draft of the executive order that has circulated among lobbyists called for new procedures to be written within 120 days for companies to voluntarily participate in an “Enhanced Cybersecurity Services” initiative to address cybersecurity concerns.
The order also calls for the expedited provision of security clearances to operators of critical infrastructure, a proposal that responds to concerns in the business community that the government does not share enough classified information about potential threats.
Although the new standards will be voluntary, people who have worked with the White House on the executive order say it could open the door to new cybersecurity legislation.
Big business lobbyists quashed an effort to pass a comprehensive cybersecurity law on Capitol Hill last year, but the attacks – some reportedly orchestrated by Iran – have caused companies to reconsider, some experts said.
“We tried to do cybersecurity legislation pre- and post-9/11 and what was challenging was that the private sector was reluctant to share information and so was the government,” says Kiersten Todt Coon, a former senior staff member of the Senate homeland security committee and now president of Liberty Group Ventures.
But after a slew of attacks that Ms Todt Coon said were committed with a level of “diligence and intensity” that the financial sector in particular had never experienced before, there was a new sense of “we need your help and we need to work together”.
The executive order does not target routine attacks against private companies by hackers. Rather, it is an effort to prevent catastrophic attacks and build more resilient systems for operators of critical infrastructure. The exact definition of what will be included have yet to be determined, but it is expected to include the electrical grid, financial services, chemical companies, oil and gas groups, and the water supply.
Some groups who have worked with the White House say the order could be released as early as this week and anticipate that President Barack Obama could mention it in his State of the Union address on February 12 as a sign of the gravity of the issue. The White House declined to comment on the order.
A November draft of the executive order that has circulated among lobbyists called for new procedures to be written within 120 days for companies to voluntarily participate in an “Enhanced Cybersecurity Services” initiative to address cybersecurity concerns.
The order also calls for the expedited provision of security clearances to operators of critical infrastructure, a proposal that responds to concerns in the business community that the government does not share enough classified information about potential threats.
Leave a Reply