What the order does do is attempt to induce companies that own critical assets to voluntarily improve their own security. The order:
- Increases sharing of timely threat information, digital signatures, and reports between the Department of Homeland Security (DHS) and willing companies, including the issuance of security clearances to critical infrastructure operators.
- Expands a much-touted Department of Defense Enhanced Cybersecurity Initiative that shares threat and protection information with defense contractors to include key infrastructure companies.
- Creates a new Critical Infrastructure Partnership Advisory Council in which DHS would help orchestrate cybersecurity upgrades for critical infrastructure.
- Calls on the National Institute of Standards and Technologies to oversee development of a “cybersecurity framework” to reduce cyber risks to critical infrastructure. The DHS would then work with specific federal agencies to persuade companies to become involved and upgrade their systems.
In unveiling the initiative in his State of the Union speech Tuesday, President Obama was blunt about the current cyber threat.
“Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Mr. Obama said. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
One threat is that another nation could perpetrate a Stuxnet-style attack on the US. Stuxnet, the powerful cyberweapon unleashed on Iran’s nuclear fuel centrifuge facility at Natanz, is reported to have destroyed at least 1,000 of the machines and set the program back as many as two years. Such weapons, targeted at civilian systems, could likely wreak havoc on the US power grid.
Businesses welcomed Obama's move.
“We need help from government that only government can provide, including intelligence information to counter growing threats,” said Ajay Banga, president of MasterCard Worldwide, who also chairs the Business Roundtable Information and Technology Committee, in a statement. The Business Roundtable represents CEOs of leading US companies across the economy. “We are encouraged that the Executive Order will facilitate additional information sharing between government and the private sector.”