Cyber attacks have caught the attention of both the president and Congress in recent months. While House legislation has received pushback, a similar Executive Order hasn’t. So what’s the difference?
President Barack Obama issued on Feb. 12 an Executive Order on cybersecurity, a move supported by Ron Gula, CEO of Tenable Network Security in Columbia.
One day later, the Cyber Intelligence Sharing and Protection Act (CISPA) was reintroduced in the House of Representatives, which rankled privacy and civil liberties groups in the U.S.
As Technically Baltimore has reported this week, such groups view CISPA as a legally dubious bill, mainly because of the bill’s vague terminology and the liability protections it would offer private companies who share cyber threat information from personal computers with the federal government.
The president’s Executive Order, however, hasn’t been met with the same contempt. Broadly, here’s what the EO does:
- The Director of the National Institute of Standards and Technology will lead the creation of a Cybersecurity Framework, which will “include a set of standards, methodologies, procedures, and processes” for addressing potential cyber threats and cyber attack risks. See Sec. 7.
- It expands the Enhanced Cybersecurity Services program to “all critical infrastructure sectors,” meaning private companies providing cybersecurity protections for critical infrastructure — electrical grids, dams, power stations, air traffic control, water supply companies and financial institutions — will be provided with security clearances in order to get the latest information on potential cyber threats. See Sec. 4, (c).
As the Electronic Frontier Foundation has noted, the Executive Order “addresses the core aim of CISPA without granting expansive powers to companies or broad legal immunity.” And it includes an entire section dealing with “privacy and civil liberties protections.”
Writing in this publication, Ron Gula at Tenable called the EO “a step in the right direction for national cybersecurity” because it provides the federal government “a potential pathway to communicate its building knowledge of cyber attacks.”
What’s important about the Executive Order is that it’s information sharing in one direction only, as Digital Trends astutely points out. CISPA, on the other hand, allows for two-way information sharing from government to private companies, and vice versa.
The concern here is over who determines who is a cybersecurity threat and what information can be shared between a private company and the government about potential cyber threats. That two-way conversation worries many privacy advocates in a way that the more limited Executive Order doesn’t.
A general House debate on CISPA will likely examine where, and why, the legislation goes beyond Obama’s policy.
This is part three of a Technically Baltimore series on CISPA.
- Part four will take a look at the telecommunications firms in support of CISPA, and how much money pro-CISPA groups have contributed to the national political campaigns of Congressmen Mike Rogers and Dutch Ruppersberger, the sponsor and co-sponsor, respectively, of the legislation.
Before you go...
Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.
3 ways to support our work:- Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
- Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
- Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!