On 12 February 2013 the President released an executive order titled ‘Improving Infrastructure Cybersecurity’. This order and a recent report highlighting the Chinese Government’s supposed cyber capabilities have raised the profile of cyber threats, causing people to feel perhaps more vulnerable than ever. This post will expand upon the Executive Order, trying to explain what it means for the average employee and employer.
Are we justified in feeling under threat as businesses and individuals?
The short answer to this question is probably a little, but it must be taken with a healthy dose of realism. The first job of any Government is to protect the people that it serves, and the Executive Order is trying to do just that. This order is aimed at addressing threats to what is known as critical infrastructure, such as power stations and water supplies. If this infrastructure is damaged or interrupted, a large number of people could be threatened. In the same way as the Armed Forces have the equipment, processes and structures to shoot down an incoming missile, this bit of legislation is aimed at building defensive structures and practices against hostile cyberattack.
The Executive Order aims to protect Americans from the most damaging types of cyberattack. In the cyber world, most feel secure. What is felt to be lacking, however, is:
- Information Sharing on threats
- An overall Cybersecurity Framework
- Some aspects of Privacy and Civil Liberties Protections
So what does it mean for me?
It builds on existing legislation, mostly dating from 2009, that imposes some sensible measures. A particular aspect is the requirement for organizations involved with critical infrastructure to report attempted cyberattacks. In the long run, this may give the average person a clearer picture of the level of hostile activity directed against our Nation’s Critical Infrastructure.
This legislation impacts the average American in a number of ways. As a citizen, the legislation aims to protect your safety, uphold privacy and defend civil liberty. As a worker involved in critical infrastructure, it intends to increase communication on cyber threats. As a worker or manager in a business, the framework could assist in imposing industry standards and best practice.
What can you do?
All of the advice that is normally offered in relation to cyber security remains valid: things such as ensuring that virus protection is up to date and that sensitive data and waste are appropriately managed and destroyed. There is an existing fact sheet aimed at CEOs published by the Department of Homeland Security. Destroying sensitive data is key to protecting your companies and information.