On February 21, 2013, President Obama took direct action to bolster cyber security. He issued an Executive Order and a Presidential Policy Directive designed to provide a government catalyst for information security across the US Critical Infrastructure.
Key features of both include broadened information sharing from the Federal government in what appears to be classified and unclassified formats. In addition, the National Institute of Standards and Technology (NIST) was directed to develop a technical framework to give organizations guidance on how to implement proper security measures. According to the EO, the framework will provide “a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures.”
One of the purposes of the information sharing is to ensure that specific targeted entities can receive focused reports on the threat. From the body of the EO it would appear that there will be unclassified and classified versions of the information.
Cyber security programs for the critical infrastructure will be shepherded by designated government agencies that will act as the focal point for information sharing and cyber security for their assigned sectors. The 18 sectors of the Critical Infrastructure can be found at: http://www.dhs.gov/critical-infrastructure-sectors.
TAL Global believes that organizations need to:
- Be sure that their cyber security programs meet or exceed those found in the new framework. We believe that the new framework is very likely to be regarded as “the standard of care” – meaning the minimum level of protection needed in order to avoid being considered negligent.
- Establish a mechanism for cyber situational awareness, including designated individuals (or a specific organization) to act as the liaison with the supervising government agency.
- Consider nominating selected individuals within your organization for the appropriate security clearance so that you will have access to all the information the government releases.
- Ensure that the Board of Directors is aware and informed of the implications of the President’s actions.
We look forward to working with our clients to ensure that they are best able to benefit from this long-sought-after push into cyber security.
Larry Dietz, TAL Global’s General Counsel and Managing Director of Information, is giving two presentations at the RSA Conference in San Francisco next week.
He is facilitating a Peer to Peer “Roundtable on Anonymous” on Tuesday, 26 Feb at 3:50 PM and presenting “Legal Aspects of BYOD” on Thursday, 28 Feb at 1:40 PM.
Sources:
Executive Order February 12, 2013
http://www.lawfareblog.com/wp-content/uploads/2013/02/2013cybersecurityeorel.pdf
Presidential Policy Directive – Critical Infrastructure and Resilience PPD-21
These selected provisions from the Executive Order appear below for your information only and should not be included in the article per se.
Broadened sharing information
ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity.
to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them.
This voluntary information sharing program will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.
(d) The Secretary, as the Executive
expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators
The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.
Under sector specific agencies
TAL Global
TAL Global is an international security consulting and risk management firm that provides a comprehensive array of investigative, disaster mitigation planning and risk management services. Our extensive international network of professionals enables us to provide our clients with the highest level of security and loss prevention services around the globe. Our commitment to an impeccable standard of ethics has earned us an unparalleled international reputation for professionalism and excellence among many Fortune 500 corporations.




