While the President is currently giving his State of the Union address (viewable on YouTube here), earlier today he signed an executive order intended to improve the network security of "critical infrastructure." As noted by The Hill, the order charges the National Institute of Standards and Technology with the task of creating a framework of best practices for operators in industries like transportation, water and health to follow, due in the next 240 days. The Department of Homeland Security is also heading up a voluntary program works with various agencies and industry groups to make sure the policies are actually adopted, and find ways to create incentives for that to happen.

The order has arrived after cybersecurity legislation failed to pass through Congress, and has been rumored heavily throughout the last few weeks. The president called for Congress to pass legislation to prevent cyberattacks during his speech, and this order is reportedly meant as a step in that direction. The Wall Street Journal indicates many businesses want liability protection against attacks in exchange for following the guidelines, which would require approval form Congress in order to happen.

It includes language accounting for privacy concerns as well, with agencies required to look over the potential impact of their work, and release public assessments. The DHS is to report in a year how its work impacts civil liberties and provide recommendations on mitigating such risks. There's a lot to read through, so you can check out the document itself embedded after the break, or wait for those various agency reports for more updates.


Cybersecurity executive order by Brendan Sasso