Policy & Law
Back in September the White House confirmed earlier reports that it was drafting an executive order that would help businesses and government create best practices for cybersecurity. Now, according to the latest leaked draft of the order, it will still include a system for protecting critical infrastructure like power plants and railways from cyber attacks, but a number of changes mean that this won't include "any commercial information technology products." The program is voluntary and aims to provide a series of security standards to help protect infrastructure operators from attack. A separate revision to the order directs the Treasury and Commerce departments to identify incentives for those operators that do participate.
According to a report from The Hill, the exception for commercial products was made in order to appease concerns from the technology industry, and were made after numerous meetings with industry insiders, likely to avoid a similar fate as CISPA. "The National Security Staff has held over thirty meetings with industry, think tanks, and privacy groups, meeting directly with over 200 companies and trade organizations representing over 6,000 companies that generate over $7 trillion in economic activity and employ more than 15 million people," White House spokesperson Caitlin Hayden wrote in an email statement.