President Obama issues cybersecurity executive order; initiatives to include energy sector

During his State of the Union Address on February 12, US President Barack Obama announced that he had signed a long-anticipated executive order focused on strengthening cybersecurity for the nation’s critical digital infrastructure. The White House also released a Presidential Policy Directive to provide additional clarity.

The executive order directs the federal government to identify critical infrastructure within five months and work with affected public and private industries over the next year to create voluntary cybersecurity standards with appropriate incentives to increase compliance. The National Institute of Standards and Technology, working with a host of federal agencies including the US Department of Homeland Security (DHS), will create a “Cybersecurity Framework” that will take into account useful current standards and best practices for various industries, including the energy sector. The order directs DHS to create by mid-May “a set of incentives designed to promote participation.”

The order also takes several steps to expand and improve cyber-threat information sharing practices among the public and private sector and improve security clearance protocols and utilization of private-sector experts. Section 5 of the order is dedicated to the protection of privacy and civil liberties.

Without accompanying statutory changes, the effectiveness of the order may in large part be determined by the attractiveness of the incentives. The executive order may jumpstart similar discussions in Congress on the need to enhance liability protection for companies that chose to participate in expanded information-sharing programs or that adhere to the baseline cybersecurity standards.

ISO New England will continue to follow federal efforts to address cybersecurity practices for the electric and energy sector and analyze the impacts of any changes on New England.