Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on September 15, 2012

Inside the leaked White House cybersecurity executive order


Inside the leaked White House cybersecurity executive order

Last night TechDirt managed to secure a copy of the draft cybersecurity executive order that the Obama administration has circulated. TNW has read TechDirt’s report and the executive order. This post is an explanation of current thought concerning the draft, its contents, and naturally, our own analysis.

As primer, if you recall we last left off on this issue with an op-ed from the opposition party in the United States Senate blasting the President’s proposed plan, the executive order, and instead advocating an approach such as occurred in the House. TNW’s deconstruction of that particular piece of writing can be found here.

Definitions

The term ‘critical infrastructure’ has been bandied about for long enough that having a definition of the phrase would be useful. Happily, the order provides one:

Critical infrastructure provides the essential services that underpin American society […] including assets, networks, systems, functions […] vital to the Nation’s safety, prosperity, well-being, and public confidence.

Annoyingly, and this is going to be a trend, that definition is massively broad, and hard to pin down. Nearly any public service that impacts people on a city-wide level could construed as ‘critical,’ under the its wording. The final three criteria are almost humorous, that something can be deemed as ‘critical’ if it merely could potentially harm our public confidence.

What is the view of the Administration, in regards to cybersecurity? That it is a “national unity effort.” Finally, which bits of the above defined critical infrastructure grid of our country are the most important? According to the executive order, the communications and energy sectors rule the roost.

Keep those points in mind as they gird the following ideas.

Tenets

From the leaked PDF of the order, here are the three core thrusts of the President’s proposed order:

Component to those ‘imperatives’ is collaboration between the various levels of government, and the agencies that deal with certain areas of the country – think the Department of the Interior assigned to securing national monuments.

Who runs the show? Interestingly, the Secretary of Homeland Security. This almost appears to be a cover play. Calling the Secretary the ‘strategic coordinator,’ the order cites the Homeland Security Act of 2002, stating that it is her role to ‘evaluate challenges and risks.’ And thus, she gets to do cybersecurity as well.

How is this cover? If the Administration was to collect the power in the order to itself in a more direct fashion, perhaps appointing a new secretary to run the gig, it would be accused of a power play. Instead, it’s simply offering policy for the Federal government, under the aegis of an already passed Act. Not bad political jujitsu, it must be said.

From the General Services Administration to the Nuclear Regulatory Commission, the order outlines how different branches of the Federal government are to act. However, the document is light on specifics. The following isn’t an abnormal paragraph:

TechDirt, in its first-look analysis called the order ‘vague.’ TNW agrees. Broad, and vague.

Issues

TNW has not yet had enough time to come to a full conclusion on the order’s every piece, but the section on the imperative to “Develop and implement an information exchange framework to enable effective collaboration” is devoid of notes on how the privacy of individuals will be protected.

A full three paragraphs are spent detailing why collaboration between the private and public sphere in regards to data sharing is important, and why relationships thereof should be built. Even the need for an evolving process to adapt to new sorts of data is noted. Privacy is not.

Further down in the order, there is another section on the information exchange, entitled ‘Development of an information exchange framework.” Again, it contains no mention of privacy. This is as close as the directives come to considering the privacy of the individual:

The omission is telling.

The EFF and other legal authorities will surely have their own analysis out soon. However, this primer should help you better track the debate that will ensue in the coming weeks. Keep your eyes on TNW – we have it covered.

Top Image Credit: Mark Skrobola

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top