President Obama's executive order on cybersecurity is a good first step, but it lacks teeth and a lot of it hinges on the execution, said several former and current government officials during a panel discussion on the topic at RSA Conference 2013.
The executive order is a good response to the rising threats posed to critical infrastructure facilities and their networks, the vast majority -- up to 90 percent by some estimates -- of which are owned by the private sector, said panelists as part of a discussion on the executive order. It sends a message to legislators that, by 2014 at least, they need to take action, said James Lewis, a senior fellow and director of the public policy program at Washington-based think tank Center for Strategic and International Studies.
"Congress is the motor for the U.S. government and Congress isn't working," Lewis said, speaking to a room of hundreds of security professionals and other RSA Conference attendees. "There's a sense that there is a real need, and the president needed to step in."
Lewis led the discussion with Michael Chertoff, the former secretary of homeland security, and Michael Daniel, currently the White House cybersecurity coordinator. The executive order could have an impact on some channel partners if they are providing products and services to organizations that are regulated, because those privately owned entities that have control systems regulated by government agencies, such as those under the FAA, must adhere to the new framework being developed. But the vast majority of the facilities are in private hands, Chertoff said.
"I think that we're in a race against time," said Chertoff, currently chairman and co-founder of the Chertoff Group, a global security advisory firm. "There will have to be some tough decisions about how much convenience is sacrificed for security."
President Obama issued the cybersecurity executive order Feb. 12, following his State of the Union speech. It came after failed attempts by Congress to pass meaningful legislation, experts say. Meanwhile, cyberattacks are increasing in frequency and sophistication, prompting some to question the nation's ability to defend against an attack or respond and recover from one.
The executive order is built on three pillars: information sharing, privacy and a framework for standards. The federal government will focus on improving the volume, quality and timeliness of the information it shares with the private sector. It's issuing security clearances to individuals at some critical infrastructure facilities to share classified information and protect the source of the information, Daniel said.
"The hard work will be implementing the executive order and policy directive, and we need to watch that we stay on track for that," said Daniel, who was appointed by Obama as White House cybersecurity coordinator in May.