Cyber Lawyer on Your Side

President’s Executive Order on Cybersecurity

Written by Goosmann Law Team | May 15, 2015 3:30:00 PM

On February 13th President Obama signed Executive Order on cybersecuirty,13691, creating an initiative to broaden the powers of government surveillance agencies to disseminate information about cybersecurity threats among the private-sector. This order’s stated objective is to empower the market to protect itself against cybercrime by mutual and voluntary sharing of information between firms regarding new cybersecurity threats. 

The order’s stated core mission is to reduce the ability of cyber threats to culminate in successful attacks by creating a better informed private-sector.  How, and if, the measures in the executive order can accomplish that lofty goal are still unclear.  As with any increase or expansion of the government’s surveillance powers, real and legitimate concerns abound about the potential effect on privacy rights.  Silicon Valley firms and other groups are concerned about the effect the new initiative could have on their customer’s interests in privacy.  

Key components:

  1. The Department of Homeland Security gains the ability to release classified information among groups of participating firms. The goal is to provide faster notice to companies about possible attacks as well as time to prepare for future hacks.
  2. Creates Information Sharing and Analysis Organizations (ISAOs). The member companies of ISAOs are organized along sector, sub-sector, or regional lines, and are composed of a varying mix of private and public organizations that are to trade cybersecurity information with one another.
  3. Forms the ISAO Standards Organization, which creates the technical processes and guidelines by which ISAOs operate. The standards are supposed to ensure consistency and help the program evolve with technological innovation.

Looking at the big picture:

  • This order brings cybersecurity to the forefront of national defense concerns, and recognizes that the internet is increasingly integral to the daily operation of the nation.
  • Concerns exist that any increased government monitoring of communications will infringe on privacy rights.  It remains to be seen what infringements develop, and how and if those can be balanced against the danger cyberattacks present. But, any monitoring will need to comport with the 4th Amendment. 
  • This order builds upon previous executive orders, such as Executive Order 13636, implemented due to concerns that businesses are failing to prevent breaches because of a lack of information about who the hackers are and their methods of attack. 

No one can dispute that the development of broader security measures is necessary to reduce cybercrime.  How that is to be accomplished and by who are questions that have yet to be answered.   

What is certain is that cyberattacks remain a real and costly risk to anyone doing business over the internet – essentially most, if not all, private and government agencies.  And, we can anticipate a great deal of litigation in this area for years to come. 

For more information on cybersecurity policies and concerns contact the Goosmann Law Firm at info@goosmanlaw.com or (712) 226-4000.

Links:

White House website’s posting of EO 1369.

History of executive orders passed by the Obama Administration.

More information from the Washington Post on the Republican Party’s response to this order as well as the response from the tech sector.
View full post