Implementing the Cybersecurity Executive Order Will Hinge on Industry

Published: March 07, 2013

DOCCybersecurityPolicy and Legislation

A joint hearing on cybersecurity is scheduled for March 7, 2013 at 2:30 p.m. Entitled “The Cybersecurity Partnership Between the Private Sector and Our Government: Protecting our National and Economic Security,” the focus of the event will be to examine the development and implementation of the cyber executive order (EO) with consideration for ongoing needs for comprehensive legislation.

Over the past year, the security vulnerabilities of the country’s critical infrastructure have received increasing attention. As Senator Tom Carper, Chairman of the Senate Homeland Security and Governmental Affairs Committee put it, “we learn of more cyber attacks that underscore just how vulnerable we really are to malicious hackers seeking to steal from us or do us harm. Attacks of any size can hurt our individual pocketbooks, our nation’s economy and global competiveness, and undermine the free exchange of thoughts and ideas. They could even put our lives and health in danger. Our nation urgently needs a modern approach to ensuring the security of cyber space.” Looking at the owners and operators of infrastructure like water systems, banks, transportation networks, and the electric grid helps to illustrate private industry’s role as a stakeholder in this situation.
Two areas called out in the cybersecurity EO involved government partnership with industry: strengthening the industrial base and the development of a security standards. Specifically, Commerce’s National Institute of Standards and Technology (NIST) was tasked with collaborating with stakeholders across government, academia and industry to form a framework of cybersecurity best practices and standards.
The hearing, jointly held by the Senate Homeland Security and Commerce panels, will be streamed live on the Senate Commerce Committee website. Obviously, the issues at stake in this exchange are relevant to vendors providing information security solutions. This goal of forming a “comprehensive partnership” stands to expand the impact of standards and best practices across providers working with government and private industry on information solutions. As the pressure on federal spending continues, government contractors may find opportunities in the private space resulting from new security standards. The goal of these stakeholder discussions is to strike a win-win, to improve security both on the national level and for private organizations. Defining the various responsibilities of roles in this partnership, however, will take time.