The Hill is reporting that, despite the setbacks with cybersecurity legislation in the Senate last month, the White House is continuing to push forward on a "go-it-alone" path to enact some sort of measures that they feel are an imperative to protect critical infrastructure from hackers and other nefarious individuals. The move is not surprising; President Barack Obama said last month after the senate failed to pass the Cybersecurity Act of 2012 that he would use an executive order to implement some measures on his own.
To that end, the Administration has been circulating a draft proposal to various federal agencies for input and feedback. The draft proposes creating a voluntary program where companies that are considered critical infrastructure would meet cybersecurity "best practices and standards" crafted by the government and other experts.
The Hill claims that the draft document has already undergone multiple revisions and is very brief – five pages long. A new draft of the executive order is expected to be shared with relevant agencies next week. The White House declined to comment on the draft, only saying that an executive order is only one avenue the government is exploring, alongside continued legislative efforts.
According to sources familiar the executive order, it calls for the creation of an inter-agency council that would be led by the Department of Homeland Security (DHS). Members would include Department of Defense and the Commerce Department, and other agencies.
DHS would take guidance from the Commerce Department's National Institute of Standards and Technology (NIST), who would work with industry to help create a framework.
It's hard to know what else is in the Administration's executive order draft without seeing it, and it's also tough to gauge how the government will entice critical infrastructure companies to cooperate voluntarily. We also have no idea if parts of the House Bill, CISPA, are included in this draft.
We will have more on this story as it develops.
Source: The Hill