What the order does do is attempt to induce companies that own critical assets to voluntarily improve their own security. The order:
- Increases sharing of timely threat information, digital signatures, and reports between the Department of Homeland Security (DHS) and willing companies, including the issuance of security clearances to critical infrastructure operators.
- Expands a much-touted Department of Defense Enhanced Cybersecurity Initiative that shares threat and protection information with defense contractors to include key infrastructure companies.
- Creates a new Critical Infrastructure Partnership Advisory Council in which DHS would help orchestrate cybersecurity upgrades for critical infrastructure.
- Calls on the National Institute of Standards and Technologies to oversee development of a “cybersecurity framework” to reduce cyber risks to critical infrastructure. The DHS would then work with specific federal agencies to persuade companies to become involved and upgrade their systems.
In unveiling the initiative in his State of the Union speech Tuesday, President Obama was blunt about the current cyber threat.
“Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Mr. Obama said. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”