An executive order can only set voluntary cybersecurity standards for firms running America's 'critical infrastructure,' such as power grids. But some say Obama should be doing more.
J. Scott Applewhite/AP
The Obama administration on Wednesday unveiled a long-awaited executive order intended to bolster cybersecurity by hardening the computer networks that control the nation’s power grid, financial and transportation systems, and other “critical infrastructure.”
The move comes after the White House tried, and failed, to get tough cybersecurity legislation through Congress last year. Though the executive order cannot compel firms to comply – only legislation can do that – the voluntary standards are an attempt at least to do what is possible to address US vulnerabilities to cyberattack.
But the order largely fell short of many experts’ expectations for what could be done, even voluntarily. While some say it is better than nothing, others wonder why the Obama administration has not done more to stress how urgently some vital systems need to be upgraded.
“I had hoped, and have hoped for years, the US government would come out and say the [control systems] that run the critical infrastructure are insecure by design and must be upgraded or replaced ASAP,” says Dale Peterson, president of Digital Bond, a Sunrise, Fla., industrial cybersecurity company. “It's hard to believe 11-1/2 years after 9/11 that the US government has not even used the bully pulpit to make a difference.”
Page 1 of 4