InfoBytes Blog
President Obama Issues Executive Order on Cybersecurity
On February 12, President Obama issued an Executive Order (EO) titled Improving Critical Infrastructure Cybersecurity, and a related Presidential Policy Directive (PPD). The EO establishes a process to facilitate sharing of cybersecurity information among private firms in critical infrastructure sectors and the federal government, and tasks the National Institute of Standards and Technology (NIST) with developing standards, methodologies, procedures, and processes that will form a voluntary best practices framework to address cyber risks. The EO also includes provisions designed to protect privacy and civil liberties. The financial services sector is one of the many sectors identified as a critical sector, and the EO and PPD name the Treasury Department as the federal entity responsible for providing institutional knowledge and specialized expertise as well as leading, facilitating or supporting the security and resilience programs and associated activities for critical financial services firms. On February 13, NIST initiated the process to develop the best practices framework by announcing a request for information from critical infrastructure owners and operators, federal agencies, state, local, territorial and tribal governments, standards-setting organizations, other members of industry, consumers, solution providers and other stakeholders. NIST is required by the EO to prepare a preliminary framework by October 10, 2013, and a final framework by February 12, 2014.