Civic News

Cybersecurity Executive Order: so what’s the need for CISPA?

Cyber attacks have caught the attention of both the President and Congress in recent months. While House legislation has gained push back, a similar Executive Order hasn't. So what's the difference?

Cyber attacks have caught the attention of both the president and Congress in recent months. While House legislation has received pushback, a similar Executive Order hasn’t. So what’s the difference?

President Barack Obama issued on Feb. 12 an Executive Order on cybersecurity, a move supported by Ron Gula, CEO of Tenable Network Security in Columbia.
One day later, the Cyber Intelligence Sharing and Protection Act (CISPA) was reintroduced in the House of Representatives, which rankled privacy and civil liberties groups in the U.S.
As Technically Baltimore has reported this week, such groups view CISPA as a legally dubious bill, mainly because of the bill’s vague terminology and the liability protections it would offer private companies who share cyber threat information from personal computers with the federal government.
The president’s Executive Order, however, hasn’t been met with the same contempt. Broadly, here’s what the EO does:

  1. The Director of the National Institute of Standards and Technology will lead the creation of a Cybersecurity Framework, which will “include a set of standards, methodologies, procedures, and processes” for addressing potential cyber threats and cyber attack risks. See Sec. 7.
  2. It expands the Enhanced Cybersecurity Services program to “all critical infrastructure sectors,” meaning private companies providing cybersecurity protections for critical infrastructure — electrical grids, dams, power stations, air traffic control, water supply companies and financial institutions — will be provided with security clearances in order to get the latest information on potential cyber threats. See Sec. 4, (c).

As the Electronic Frontier Foundation has noted, the Executive Order “addresses the core aim of CISPA without granting expansive powers to companies or broad legal immunity.” And it includes an entire section dealing with “privacy and civil liberties protections.”
Writing in this publication, Ron Gula at Tenable called the EO “a step in the right direction for national cybersecurity” because it provides the federal government “a potential pathway to communicate its building knowledge of cyber attacks.”
What’s important about the Executive Order is that it’s information sharing in one direction only, as Digital Trends astutely points out. CISPA, on the other hand, allows for two-way information sharing from government to private companies, and vice versa.
The concern here is over who determines who is a cybersecurity threat and what information can be shared between a private company and the government about potential cyber threats. That two-way conversation worries many privacy advocates in a way that the more limited Executive Order doesn’t.
A general House debate on CISPA will likely examine where, and why, the legislation goes beyond Obama’s policy.
This is part three of a Technically Baltimore series on CISPA.

  • Part four will take a look at the telecommunications firms in support of CISPA, and how much money pro-CISPA groups have contributed to the national political campaigns of Congressmen Mike Rogers and Dutch Ruppersberger, the sponsor and co-sponsor, respectively, of the legislation.
This is part three of a Technically Baltimore series on CISPA. Click here to read part one, about the privacy concerns surrounding cyber threat information sharing between private companies and the federal government. Click here for part two, outlining the trouble with liability protections in the CISPA bill.
Companies: Tenable Holdings / Congress / U.S. Government

Before you go...

Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

3 ways to support our work:
  • Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
  • Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
  • Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
The journalism fund Preferred partners Our services
Engagement

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!

Trending

Baltimore is setting a national standard for diversifying its economy

19 tech and entrepreneurship events to check out before the holidays

Tech lab space opening in new 4MLK building, thanks to $2M in public funds

EDA officials are ‘hopeful’ Tech Hubs program will live on under Trump

Technically Media