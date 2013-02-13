(Adds Obama's remarks, industry reaction)
* Orders creation of voluntary cybersecurity standards
* Calls for easier information sharing with private industry
* Last year Congress failed to pass cybersecurity law
By Alina Selyukh
WASHINGTON, Feb 12 U.S. President Barack Obama
on Tuesday signed an executive order seeking better protection
of the country's critical infrastructure from cyber attacks that
are a growing concern to the economy and national security.
The long-expected executive order, unveiled in the State of
the Union speech, follows last year's failed attempt by the U.S.
Congress to pass a law to confront continuing electronic attacks
on the networks of U.S. companies and government agencies.
The order, which does not have the same force as law,
directs federal authorities to improve information sharing on
cyber threats - including some that may be classified - with
companies that provide or support critical infrastructure.
Cyber attacks in recent months targeted a succession of
major U.S. companies and government agencies, adding fuel to the
debate about how the government and the private sector, which
runs most of the critical U.S. infrastructure, can best protect
sensitive information.
"We know hackers steal people's identities and infiltrate
private e-mail," Obama said in the address. "We know foreign
countries and companies swipe our corporate secrets. Now our
enemies are also seeking the ability to sabotage our power grid,
our financial institutions, and our air traffic control systems.
We cannot look back years from now and wonder why we did nothing
in the face of real threats to our security and our economy."
The new order directs government officials, led by the
secretary of homeland security, in the next year to create
standards to reduce cybersecurity risks.
The government will offer incentives to encourage companies
to adopt them, but because it lacks legal enforcement power,
adoption of the so-called Cybersecurity Framework will be
voluntary.
To help companies protect themselves, the order also will
set up a program to ease delivery of classified cyber threat
information to eligible companies. It also calls for expedited
security clearances for some company employees who deal with
critical infrastructure.
The executive order carries no power to compel companies to
reciprocate or to exchange cybersecurity information among
themselves. That is one reason why White House officials
underscore that the order does not replace legislation that
Congress could once again undertake this year.
"It's not an end of the conversation and in fact it's just a
continuation of it," said one senior administration official.
LEGISLATION NEEDED
Last year's bill, which also included liability protection
for companies, is expected to be reintroduced on Wednesday,
according to its author, Republican Representative Mike Rogers,
who chairs the House Intelligence Committee.
"We agree that our biggest barriers to bolster our cyber
defenses can be fixed only with legislation," Rogers said.
His bill last year passed the House of Representatives but
not the Senate, largely because of concerns about expansion of
federal regulations and protecting private information when it
comes to sharing private data with the government.
On Tuesday, the U.S. Chamber of Commerce, the powerful
business lobby, reiterated its opposition to "expansion or
creation of new regulatory regimes" and called Obama's order
unnecessary.
Obama's executive order requires government officials to
comply with and routinely assess privacy standards and civil
liberties protections.
Many influential lawmakers and industry heavyweights
welcomed Obama's move as a step closer to a comprehensive cyber
security law that bolsters a partnership between the public and
private sectors.
"These activities represent a down payment in the protection
of our nation's cyber infrastructure, which Congress will build
upon as they develop comprehensive cybersecurity legislation,"
said Michael Chertoff, former secretary of homeland security
under President George W. Bush. He called the executive order a
"critical step in protecting America."
A trio of Republican senators and leaders in national
security - John McCain, Saxby Chambliss and John Thune - said
the executive action could not "achieve the balanced approach"
that a Congressional law would and pledged to ensure thorough
oversight of any action directed by the order.
"The Senate should follow regular order and craft
legislation that will have an immediate impact on our nation's
cybersecurity without adding or prompting regulations that could
discourage innovation and negatively impact our struggling
economy," they said in a joint statement.
