President Obama on Tuesday signed two orders tasking federal regulators to enforce cybersecurity standards for banking, telecommunications, energy and other industries, according to White House officials.
An executive order and an accompanying presidential directive make “use of existing authorities and partnerships” with the private sector, said a senior administration official, speaking on condition of anonymity to brief reporters.
The orders give government scientists a year to devise a “baseline framework” for cybersecurity incorporating “voluntary consensus standards and industry best practices,” the official said.
The aim is to protect the computer systems of key industries from cyberattacks by hackers, criminals, spies and enemy states.
The cybersecurity orders, which Mr. Obama highlighted in his State of the Union address Tuesday, were welcomed by the chairman and ranking member of the House Permanent Select Committee on Intelligence.
“We will closely review the President’s executive order once it is released but we agree that our biggest barriers to bolster our cyber defenses can be fixed only with legislation,” Reps. Mike Rogers, Michigan Republican and committee chairman, and C.A. “Dutch” Ruppersberger, Maryland Democrat, said in a statement.
Work on the executive order, which will rely on existing U.S. regulatory authorities and voluntary standards, began last year after Congress failed to pass even one of several bills aimed at improving cybersecurity in the nation’s vital industries.
White House officials say the order is not a replacement for legislation, and lawmakers already have begun to reintroduce several of the bills drafted last year.
Cybersecurity is a complex issue, affecting every government agency and sector of industry — from defense and banking to utilities and health care.
“There have been very lengthy negotiations about [the] roles and responsibilities [of government agencies], especially for the Department of Homeland Security,” former White House cybersecurity coordinator Howard A. Schmidt told The Washington Times.
Mr. Schmidt said the executive order defines “specific responsibilities” for Homeland Security to secure federal computer networks — the .gov domain.
The federal government already has established channels through which to share threat information with 17 key industrial sectors, from banking to telecommunications to transportation.
But Mr. Schmidt said that effort would have to be stepped up.
“Somehow, you need to get a stronger, more intimate relationship” between Homeland Security and the private sector, he said. “There needs to be better information sharing on threats.”
The executive order directs the Homeland Security secretary to review the information-sharing processes and come up with improvements within 180 days.