A day earlier than expected, President Obama announced that he has signed a long-awaited executive order on cybersecurity.
“Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Obama said during his State of the Union Address Tuesday. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.”
The order takes greater pains to address users’ Internet privacy than some other proposed cybersecurity bills, most notably the Cyber Intelligence Security Protection Act (CISPA), which will be reintroduced into the House Wednesday afternoon.
Obama’s advisors, citing privacy concerns, have threatened that he would veto CISPA if it comes to his desk, but he hasn’t reaffirmed that promise in recent months.
Notably, the new executive order applies only to “critical infrastructure,” or attacks on networks “so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
This is in accordance with what some privacy advocates, including the Senate’s sole signer of the Declaration of Internet Freedom, Ron Wyden (D-Ore.), have argued for. Directives that only apply to critical infrastructure should mean that they wouldn’t give the government greater access to social networks, like Google and Facebook, where users are most likely to casually store their personal information.
The order devotes a section to “Privacy and Civil Liberties Protections” and calls for a report, due in one year, to assess “privacy and civil liberties risks.”
“The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties,” the American Civil Liberties Union’s Michelle Richardson said in a prepared statement. “EO is not #CISPA;” she tweeted.
The order “does not amend privacy statutes,” she said.
Obama’s order, by definition, doesn’t have as much power as a law passed by Congress, and he asked Congress to create and pass its own cybersecurity bill—a task it’s not had much success with in the past year.
“Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” he said.
Screengrab via State of the Union 2013/YouTube