White House Expected to Issue Executive Order on Cybersecurity

The White House is expected to unveil an executive order on Wednesday that aims to bolster safeguards against cyberattacks for industries deemed vital to the nation's well-being.

The directive, which President Obama is expected to discuss during his State of the Union address on Tuesday, is expected to set out a voluntary program that would encourage financial firms, utility operators, telecommunications companies and others who operate critical infrastructure to adopt certain cybersecurity practices in exchange for easier access to information from the government about pending threats.

The order is expected to mirror both a draft developed by the White House that leaked to the public in November and legislation the Senate debated but failed to pass last year.

On Monday, White House spokesman Jay Carney said the President thinks cybersecurity is "a very important issue" that "represents a huge challenge for our country."

"He has called on Congress to take action," Carney told reporters. "Unfortunately, Congress has thus far refused legislatively."

The renewed push to bolster digital security protection follows a wave of cyberattacks since September that slowed websites at the nation's biggest banks and prevented customers from accessing their accounts. Security experts say the assaults reveal a ratcheting up of the frequency and intensity of cyberattacks that reportedly has spurred some banks to ask U.S. intelligence agencies for advice on how to shore up computer networks.

On Wednesday, Mike Rogers (R-Mich.), who heads the House Intelligence Committee, is expected to introduce legislation that would encourage sharing of information between companies and government agencies about cyber threats. A similar measure passed the House of Representatives in April, although the White House and privacy advocates said the bill failed to safeguard civil liberties sufficiently.

For its part, the Senate also is expected to renew its work on cybersecurity legislation. Senators twice defeated measures last year to promote digital security after business groups opposed them.

The executive order is expected to facilitate the flow of information between the government and operators of critical infrastructure. "A key provision of the cybersecurity executive order we saw in late November anticipated quicker clearances where the administration would work with industry to develop a quicker security process so that more financial services companies could get the information they need about cyber threats," Amy Mushahwar, an attorney who specializes in data security at the law firm of Ballard Spahr, told American Banker.

The executive order also is expected to outline a process for developing protocols for cyber protection that would be formed by the government and industry in tandem. Mushahwar says it will be important for the administration to convene "a wide swath" of industry in the discussion, including law enforcement, critical infrastructure operators and companies that specialize in electronic security.

Mushahwar adds that the size of financial firms and other companies to be covered by the executive order is likely to be among the first items for discussion of the standards-setting group. U.S. law defines critical infrastructure broadly to include systems whose incapacity would have a debilitating impact on "security, national economic security, national public health or safety" or any combination of those concerns.

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation
MORE FROM AMERICAN BANKER