Civic News
Cybersecurity / Federal government / Nonprofits / Policies / Politics

Cybersecurity Executive Order: so what’s the need for CISPA?

Cyber attacks have caught the attention of both the President and Congress in recent months. While House legislation has gained push back, a similar Executive Order hasn't. So what's the difference?

This is part three of a Technically Baltimore series on CISPA. Click here to read part one, about the privacy concerns surrounding cyber threat information sharing between private companies and the federal government. Click here for part two, outlining the trouble with liability protections in the CISPA bill.
Cyber attacks have caught the attention of both the president and Congress in recent months. While House legislation has received pushback, a similar Executive Order hasn’t. So what’s the difference?

President Barack Obama issued on Feb. 12 an Executive Order on cybersecurity, a move supported by Ron Gula, CEO of Tenable Network Security in Columbia.
One day later, the Cyber Intelligence Sharing and Protection Act (CISPA) was reintroduced in the House of Representatives, which rankled privacy and civil liberties groups in the U.S.
As Technically Baltimore has reported this week, such groups view CISPA as a legally dubious bill, mainly because of the bill’s vague terminology and the liability protections it would offer private companies who share cyber threat information from personal computers with the federal government.
The president’s Executive Order, however, hasn’t been met with the same contempt. Broadly, here’s what the EO does:

  1. The Director of the National Institute of Standards and Technology will lead the creation of a Cybersecurity Framework, which will “include a set of standards, methodologies, procedures, and processes” for addressing potential cyber threats and cyber attack risks. See Sec. 7.
  2. It expands the Enhanced Cybersecurity Services program to “all critical infrastructure sectors,” meaning private companies providing cybersecurity protections for critical infrastructure — electrical grids, dams, power stations, air traffic control, water supply companies and financial institutions — will be provided with security clearances in order to get the latest information on potential cyber threats. See Sec. 4, (c).

As the Electronic Frontier Foundation has noted, the Executive Order “addresses the core aim of CISPA without granting expansive powers to companies or broad legal immunity.” And it includes an entire section dealing with “privacy and civil liberties protections.”
Writing in this publication, Ron Gula at Tenable called the EO “a step in the right direction for national cybersecurity” because it provides the federal government “a potential pathway to communicate its building knowledge of cyber attacks.”
What’s important about the Executive Order is that it’s information sharing in one direction only, as Digital Trends astutely points out. CISPA, on the other hand, allows for two-way information sharing from government to private companies, and vice versa.
The concern here is over who determines who is a cybersecurity threat and what information can be shared between a private company and the government about potential cyber threats. That two-way conversation worries many privacy advocates in a way that the more limited Executive Order doesn’t.
A general House debate on CISPA will likely examine where, and why, the legislation goes beyond Obama’s policy.
This is part three of a Technically Baltimore series on CISPA.

  • Part four will take a look at the telecommunications firms in support of CISPA, and how much money pro-CISPA groups have contributed to the national political campaigns of Congressmen Mike Rogers and Dutch Ruppersberger, the sponsor and co-sponsor, respectively, of the legislation.
Companies: Tenable Holdings / Congress / U.S. Government

Before you go...

Please consider supporting to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

Our services Preferred partners The journalism fund

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!


The Trump rally shooter perched on a building owned by American Glass Research. Here’s everything we know about it.

Quantum computing could be the next hot tech — if only that breakthrough would come

Here’s how the global tech outage impacted many of the vital systems across the mid-Atlantic region

Despite EDA decision, the Baltimore Tech Hub is still possible: Kory Bailey

Technically Media