President Obama has just signed an executive order designed to increase the nation’s cyber security. What does it mean and which companies will be affected?
During his State of the Union address on February 12, President Obama announced he had signed a long-awaited cyber security executive order.
Observers are calling it a weakened alternative to previously proposed information security laws, such as the Cyber Security Act and the Secure IT Act, which were both shot down in Congress last year.
Instead of imposing new rules and requirements for private companies, as previous proposals would have, Obama’s cyber security executive order sets up a voluntary program to allow those companies to share information about IT security with the government.
Voluntary cyber security guidelines
The order will also create voluntary security guidelines for companies that manage the nation’s “critical infrastructure.” According to the executive order, that means any system in which an attack would have “a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
Affected business could include those running power plants, gas pipelines, traffic control systems and water treatment plants. The order says that the Department of Homeland Security will identify in more detail which companies fall under the category within 150 days.
Obama said companies will receive incentives for following the voluntary guidelines. However, there’s no word yet on what the incentives will be or what the guidelines will entail — the National Institute of Standards and Technology will have up to a year to finalize the program.
In contrast, the Obama-backed Cyber Security Act and previous proposals for an executive order would have created mandatory IT security requirements, which critics said would have been too costly for those privately owned companies.
But don’t expect this to the last word on the government’s efforts to improve cyber security — Obama said in his speech that “Congress must act as well” and pass new legislation to protect critical systems.