Advertisement

July 25, 2014

President Obama Issues Executive Order — Improving Critical Infrastructure Cybersecurity

President Obama issued an Executive Order on February 12, 2013, declaring “the national and economic security of the United States depends on the reliable function of the Nation’s critical infrastructure” in the face of repeated cyber intrusions into crucial infrastructure and the growing and continuing threat to cyber security and critical infrastructure.

The Executive Order declares, as a policy of the United States, the need to “enhance the security and resilience of the Nation’s critical infrastructure” and requires this be done in a manner that encourages “efficiency, innovation, and economic prosperity” while promoting “safety, security, business confidentiality, privacy, and civil liberties.” The Executive Order includes physical as well as virtual systems and assets when defining critical infrastructure so long as the systems or assets are “so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Significant among the requirements established in the Executive Order is the requirement that the Secretary of Homeland Security share greater detail regarding specific threats with the private sector, and particularly with the owners and operators of critical infrastructure systems and assets, so that those entities may better protect and defend themselves against cyber threats. The information sharing will come through reports to the targeted entity detailing the threat. The Executive Order contemplates providing classified cyber threat and technical information from the government to “eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.”

The Secretary of Homeland Security also is required to identify critical infrastructure “where a cybersecurity incident could reasonably result in catastrophic regional or national effects on the public health or safety, economic security, or national security.” The Secretary is charged with coordinating the effort to identify critical infrastructure assets on a sector-specific basis with the aid of relevant agencies, independent agencies, and owners and operators of the critical assets in each sector.

The Executive Order discusses the need for government agencies to coordinate their efforts in compliance with the Order to ensure that privacy and civil liberty protections are incorporated. The Order also contemplates a collaborative process among government agencies, independent agencies and, directly and indirectly, with the owners of critical infrastructure assets and systems to identify and define what amount to best practices, best technologies and best systems, while eliminating ineffective, conflicting or excessively burdensome cybersecurity requirements.

Public utilities will have direct and actual knowledge of threats made against their facilities and should work now to ensure processes are in place to receive and address reports of threats to their facilities if ever needed. Once a cyber-threat report issues, there will be no time available to develop processes as action will be required and failure to have processes in place may have dire consequences for the owner or operator of the asset and, potentially, for the nation.

© 2014 Schiff Hardin LLP

About the Author

Partner

Regina Y. Speed-Bost concentrates in energy administrative and regulatory law. She advises natural gas companies, local distribution companies, energy marketers and electric utilities.

202-778-6429

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 4700 Gilbert Ave. Suite 47 #230 Western Springs, IL 60558  Telephone  (708) 357-3317 If you would ike to contact us via email please click here.