updated 12:06 am EST, Wed February 13, 2013
New measure grows on existing measure from 2010, changes little
President Obama on Tuesday night debuted a new executive order, spelling out a national response to the growing cyber-security threat. He introduced the measure during the State of the Union address, saying that the US and allied nations must take action to stem the tide of the attacks, as "we cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
The Tuesday order expands on a voluntary initiative already in place that began in May 2012 supervised by the Department of Defense and the Department of Homeland Security. The existing measure has been criticized both for its lack of definition and scope, and failure to identify what constitutes a level of cyber attack that necessitates a response. Additionally, the original language has little if any privacy or civil rights protections.
In the draft of the document released during the State of the Union -- which summarizes what the President is seeking but little actual detail on the actual execution -- the White House does note that the new measure must include "strong privacy and civil liberties protections." It is hoped that the actual bill will address criticisms of the program currently enacted by 12 companies plus the federal government.
The order describes the framework for the government and private sector cooperation as "a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks" with specific provisos and sources of funding to be worked on by the House and Senate. The order demands action within 120 days from the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence to issue instructions to security agencies that "ensure the timely production of unclassified reports of cyber threats to the US homeland that identify a specific targeted entity."
Homeland Security has been ordered to release information on how this order's implementation puts US citizens' privacy and civil liberties at risk, and how the Secretary of Homeland Security can "minimize or mitigate such risks."