Assessing Cybersecurity Regulations

From: The White House Blog

Michael Daniel

Effective regulations are an important tool to protect the security and economic vitality of our nation. The President is committed to simplifying and streamlining regulations while ensuring that the benefits justify the costs. In fact, this Administration has undertaken one of the most significant and transparent reform efforts aimed at eliminating unjustified regulatory costs to date.

In light of this commitment, the President’s Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity,” called on Executive Branch agencies to assess whether and how existing cybersecurity regulation could be streamlined and better aligned with the Cybersecurity Framework launched in February 2014. It is important to understand that an Executive Order can only direct Executive Branch agencies, not independent regulators. Much of critical infrastructure is regulated by independent regulators; therefore, the analysis conducted pursuant to EO 13636 represents a limited subset of critical infrastructure sectors: water, health, transportation, and chemical. Independent regulatory agencies may engage in similar analysis but are not required to under this EO.

The EO directs Executive Branch departments and agencies with responsibility for regulating the security of private-sector critical infrastructure to: (1) assess the sufficiency of existing regulatory authority to establish requirements based on the Cybersecurity Framework to address current and projected cyber risks; and (2) identify proposed changes in order to address insufficiencies identified. The Cybersecurity Framework articulates a risk management approach based on best practices and globally recognized standards. It is a voluntary tool that organizations can use to strengthen cyber risk management.

After extensive research, we determined that the following departments and agencies were required to submit reports: Environmental Protection Agency (drinking water and waste-water), Department of Health and Human Services (medical devices, electronic health records, health exchanges), and the Department of Homeland Security (chemical facilities and transportation). I encourage you to read their individual reports located here: DHS, HHS, EPA.

Read Complete Post from the White House Cybersecurity Coordinator
