Cybersecurity in the State of the Union---and in an Executive Order

By Raffaela Wakeman
Tuesday, February 12, 2013, 10:01 PM

Just in time for his State of the Union Address, President Obama has signed and released his executive order on cybersecurity. And we have it all right here in one place for you. First, the part of the address related to cybersecurity:

America must also face the rapidly growing threat from cyber-attacks.  We know hackers steal people’s identities and infiltrate private e-mail.  We know foreign countries and companies swipe our corporate secrets.  Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.  We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.

That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.  Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.

And he ad-libbed: "This is something we should be able to get done on a bipartisan basis."

The factsheet summarizes the Administration's three "imperatives" and  six deliverables:

Three strategic imperatives drive the Federal approach to strengthen critical infrastructure security and resilience:

  • Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience;
  • Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and
  • Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.

Accomplishment of these imperatives will be through the successful completion of six key deliverables:

  • Development of a description of the functional relationships within the Department of Homeland Security and across the Federal Government related to critical infrastructure security and resilience within 120 days.
  • Completion of an assessment of the existing public-private partnership model and recommended options for improving the partnership within 150 days.
  • Identification of baseline data and systems requirements for the Federal Government to enable efficient information exchange within 180 days.
  • Development of a situational awareness capability for critical infrastructure within 240 days.
  • Update the National Infrastructure Protection Plan within 240 days.
  • Completion of a national critical infrastructure security and resilience research and development plan within 2 years.

And here is the executive order itself, the factsheet, and the policy directive.