Well, maybe not an official leak of the whole document that we can point you to; however, some good paraphrasing has come about… Previously we’ve briefly touched on this idea of the president using an Executive Order (EO) to implement some of his provisions after the failed legislation earlier this year. Since then, this option looks more and more like the course of action the president will take. Overall, we find this EO idea fascinating as it’s the first one most of us will probably live through … at least in our field as responsible adults. It’s sort of like the first impeachment some of us had to endure during the Clinton presidency.
Anyway, based on a report by Jason Miller on Fed News Radio, the Skating on Stilts blog has put together a nice point-by-point summary of the potential EO that may someday in the near future have an effect on how the government and other regulated industries do security. The draft EO comes in eight sections, which address everything from who would lead this effort to the controversial information sharing idea. Here’s a quick rundown of each section…
- Identify Lead: DHS will create and chair a council to coordinate the mission on securing our country’s critical infrastructure.
- Propose Responsibility: The council will propose which agencies will be responsible for each of the infrastructures.
- Identify Infrastructure Owners: Within 60 days the council will identify the critical infrastructure owners, who they’ll “ask” to participate in a cybersecurity framework.
- Develop Mitigation Framework: Within 90 days the council will develop a mitigation framework and within 180 days will put it out for public comment.
- Create Encouragement Program: The council will next create a program that encourages companies to take part in the cybersecurity framework (e.g., public disclosure of who’s in and who’s out).
- Suggest Other Incentives: Regarding the previous bullet point, other possible incentives for companies to take part will include, e.g., acquisition preferences and liability protections.
- Relate to FISMA: DHS will identify other agencies that have critical infrastructure and push them to comply.
- Encourage Information Sharing: Industry will be asked to voluntarily submit data on cyber threats and DHS will review this effort for privacy issues.
Should we really be using EOs to bypass failed legislative efforts? Let us know in the comments below. Today’s post pic is from FloppingAces.net. See ya!