President Obama signs cybersecurity order

obama on laptop

President Obama on Tuesday signed a new cybersecurity executive order, allowing the government to share more information it has on so-called national "cyber threats" with private companies, namely infrastructure providers.

Obama introduced the order during the State of the Union address, saying "America must also face the rapidly growing threat from cyber-attacks," also calling upon Congress to pass legislation to "give our government a greater capacity to secure our networks and deter attacks." As the President said:

We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.

The executive order signed Tuesday expands upon a voluntary cyber threat information-sharing program already in place — the "Enhanced Cybersecurity Services program" (PDF) launched in May 2012 under the Departments of Defense and Homeland Security as part of a larger initiative for information sharing between the government and defense contractors, known as the "Defense Industrial Base Cybersecurity Activities (PDF)." Participation in that program has gone up and down, though, with 17 companies joining initially only for five to pull out as of October 2012, according to Foreign Policy.

In press materials, the White House also noted that it had included "strong privacy and civil liberties protections."

Now the President's executive order should allow the government's realtime cyber threat information to be shared with other firms outside the defense sector. It also puts the National Institute of Standards and Technology (NIST), a Commerce Department agency designed to foster the country's development and research of new technologies, in charge of setting up best practices and a "framework" for private industry's cybersecurity preparedness. This is how the order describes it:

The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.

The President's cybersecurity order, long expected, is designed to accomplish through executive muscle what wasn't achieved through Congress. In April 2012, the Republican-led House passed the Cyber Intelligence Sharing and Protection Act (CISPA), which drew controversy from online Web freedom and privacy advocates who argued it didn't contain enough restrictions on how companies and the government could access and share Web user information.

CISPA didn't become law. It didn't get further than the House, in fact. The Senate never picked it up and an alternative cybersecurity bill proposed by Sen. Joseph Lieberman (I-CT) was voted down late last year.

After that, reports steadily emerged that the President was considering the executive order option, the latest coming last week, just as CISPA's cosponsors vowed to reintroduce their bill.

You can read the full text of the order right here.

The Verge
Log In Sign Up

Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.