On February 12, the executive order “Improving Critical Infrastructure Cybersecurity” was issued, accompanied by a Presidential Policy Directive as well as a mention from President Obama in the State of the Union address. Similar to the previously discussed November 2012 draft, the executive order addresses: improvements in information sharing between the public and private sectors; application by implementing agencies of the Fair Information Practice Principles; development by the National Institute of Standards and Technology of a “Cybersecurity Framework” of standards, methodologies and processes that are consistent with voluntary international standards; an invitation to the private sector to participate in a voluntary critical infrastructure Cybersecurity Program; and identification of critical infrastructure at greatest risk.
The need for addressing the cyber threat is directly reflected in the executive order as well as with the recently introduced Cyber Intelligence Sharing and Protection Act (CISPA). Information sharing is the main focus of CISPA and addresses liability and other protections on use or dissemination for information shared by the private sector and eases some of the restrictions on sharing sensitive or classified government information.
Please click here to read the issued Client Alert.