Page 1 of 2
President Obama authorized a plan to bolster threat information sharing and the creation of voluntary security guidelines for critical infrastructure protection.
The president issued an executive order to approve the creation of a voluntary framework for threat sharing, ordering the National Institute of Standards and Technology (NIST) to create an incentivized set of voluntary security guidelines for the protection of networks connected to critical infrastructure facilities. The Presidential Policy Directive was much anticipated by IT security experts, who say the plan was needed after too many failed attempts by legislators to get information security bills passed in Congress.
"We know foreign countries and companies swipe our corporate secrets," Obama said in his State of the Union address Tuesday night. "Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
[Related: Cyberwar: The Digital Age's Dark Side]
The order builds on Obama's threat information sharing strategy laid out in December, directing the federal government to work with executives at companies that provide or support critical infrastructure to improve information sharing on security threats. It authorizes expedited security clearances for some private-sector employees who provide critical infrastructure protection. The plan also authorizes the Secretary of Homeland Security to work with other federal officials to create voluntary security standards that promote security and resilience of the nation's critical infrastructure.
A series of incentives will be created to encourage private-sector owners of critical infrastructure facilities to adopt the standards.
The Department of Homeland Security will evaluate capabilities and address threats and vulnerabilities that impact critical infrastructure. In addition,it will establish critical infrastructure centers that will provide situational awareness capability and information about emerging trends and imminent threats that impact critical infrastructure.
Officials have been talking about the need for information threat sharing and critical infrastructure protection over the past decade, but constant news about cyberespionage activity and nation-state-driven attacks has reignited the discussion. It reached a peak in recent months, with The New York Times breach illustrating the threat of targeted attacks that security experts believe are driven by nation-state-funded hacking groups. The Aurora attacks, believed to be delivered by the Elderwood cybercriminal group, remained stealthy and persisted on corporate systems for many months, spying on specific individuals before it was detected.