Image: Keith Allison
The Obama administration's new push to strengthen the nation's cybersecurity will require significant help from private industries as well as Congress to be successful, federal officials said on February 13.
At a standing-room only crowd of lawyers, business leaders, and Capitol Hill staffers packed into the U.S. Department of Commerce, federal cybersecurity experts who will be implementing the president's new executive order and policy directive struck a coordinated tone of cooperation.
Michael Daniel, White House cybersecurity coordinator said, "Cyber is a team sport." General Keith Alexander, director of the National Security Agency said, "We have to have government and industry working together as a team."
"This is about teamwork, this is about working together," said Patrick Gallagher, the director of the National Institute of Standards and Technology, which President Barack Obama ordered to develop a "cybersecurity framework" on how the nation's critical infrastructure can best deter attacks.
The overwhelming majority of critical infrastructure, such as financial institutions and utilities, is owned and operated by private companies. "By working together ... , we're going to make this successful," Gallagher said. "The U.S. has always turned to industry to be the main driver of these types of standards."
Gallagher announced that the institute will issue a "Request for Information" from critical infrastructure owners and operators, governments, and other stakeholders. The agency will ask organizations to share their current risk management practices; use of frameworks, standards, guidelines and best practices; and other industry practices.
Those questions will be posted on the institute's website. It plans to hold workshops over the next several months to collect additional input and will complete the framework within one year. Gallagher urged the public to immediately start that dialogue.
Otherwise, the announcement was short on details beyond what was included in the executive order and policy directive, signed on February 12 and announced by Obama during his State of the Union address that night.
The executive order will allow for improved sharing of cyberthreat information between the government and private companies and develop federal standards to best deter attacks. It also calls upon federal agencies to review existing cybersecurity regulations and determine whether they enjoy the legal authority to require improved defenses at the nation's critical infrastructure companies.
Several speakers urged action from Congress, as well. "We need legislation and we need it quickly to defend our nation," Alexander said.
"This executive order is just a down payment, it's a down payment on legislation," said Daniel.
DOJ Deputy Attorney General James Cole also spoke at the announcement, emphasizing that the process for implementing the executive order will be transparent and also have safeguards to protect the privacy and civil liberties of the public.