The goal of the executive order is to establish cybersecurity guidelines that companies would follow and encourage information sharing between private companies and the government.
In his State of the Union speech on Tuesday, Obama spoke about the potential impact cyberthreats could have on America’s future: “America must also face the rapidly growing threat from cyberattacks. Now, we know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
The executive order, which took the administration months to draft up, stipulates that the National Institute of Standards and Technology, a section of the U.S. Department of Commerce, will develop the aforementioned standards. The Department of Homeland Security, at that point, would then work with federal agencies and companies on the voluntary program to adopt the cybersecurity standards.
However, some say the executive order is just showcasing the lack of action and ineptitude of Congress.
“In addition, the executive order highlights the fact that Congress has failed to pass meaningful privacy and cybersecurity legislation over the last few years, notwithstanding various policy statements by the Obama administration and certain federal agencies," Daren Orzechowski, intellectual property partner at White & Case, said in an email.
It seems like Obama agrees. In his address, Obama urged Congress to work together to pass actual laws regarding cybersecurity.
“But now Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks," Obama said. "This is something we should be able to get done on a bipartisan basis.”
Obama's Executive Order Versus CISPA
For those who think Obama’s executive order sounds familiar, you’re not alone. The similarities between the executive order and CISPA are apparent. Essentially, the executive order covers the goals of CISPA, namely to increase communications between the private sector and the government. The main fault with CISPA, according to critics, is the concept of sacrificing individual privacy and civil liberties for the benefit of the government and corporations. But, while the two pieces of legislature may sound the same, they have some important differences.
Forbes said the executive order goes out of the way to ensure that the privacy of individuals remains intact, unlike CISPA. But the main difference between CISPA and the executive order is the legal jurisdiction the two have. Much of the executive order will be voluntary: The government has no legal authority to force companies to share their information or participate in a program that creates industry standards for cybersecurity. However, Reuters said the government will provide incentives for companies to participate in the cybersecurity program, but the government has yet to crystallize what they might be.
“They do fairly different things," Tien said. "The executive order can’t change any federal rules. It just changes the way the executive branch chooses to do things.”
Orzechowski agreed, saying there are holes in the executive order, because it can only do so much legally.
"The executive order fails to require businesses to meet certain minimum requirements for their technology systems and related security, arguably because such a requirement would require an act of Congress,” he said. “Information sharing alone, while helpful, will not be enough if the necessary security measures are not in place.”
According to the executive order, the Department of Homeland Security’s chief privacy officer will publish a public report on the effects the order has on privacy and digital civil liberties within a year.
For those interested, here's a copy of the full text of Obama's cybersecurity executive order.