During his State of the Union address On February 12, 2013, President Obama announced an Executive Order that pertained to Cyber Security and information sharing. He stated the need for better protection against hackers, including foreign countries that have tried in the past to collect corporate and personal information. All Things D published the executive order in its entirety. Many have questioned whether this will have little, beneficial or detrimental effects on the network security industry. Below is a small sample of what a few industry news sources have been saying. What are your thoughts?
Securityweek.com noted the executive order called for the voluntary reporting of threats to US infrastructure, including items such as power and water systems. If provisions of the act are voluntary, it may not have the desired effect the president is looking for. It may end up mitigating the desire to increase collaboration and share information about potential threats, but at the same time allows companies to keep a tighter hold on priority information.
Marketwatch referenced a Citigroup analyst who suggested that despite good intentions; past initiatives like the president suggested have generally had little impact on spending. If there is little impact on spending, would the act’s non voluntary pieces only serve to get in the way of security companies ability to grow in an environment that is becoming increasingly more regulated?
According to Bloomberg, the executive order will direct the National Institute of Standards and Technology to create a set of standards for cyber security corporations, which will then work with federal agencies on a voluntary basis encouraging companies to adopt the security standards. According to Mary Callahan in the same article, part of the problem lay within that fact that Obama can’t give legal immunities to companies for exchanging cyber threat information causing concern about other restrictions on the exchange of data. Walter Pritchard notes that the executive action could potentially benefit existing cyber security companies, but simultaneously states that and increase on technological spending is likely minimal.
Ajay Banga the president of MasterCard, cited by The Christian Science Monitor. He says, “We need help from government that only government can provide, including intelligence information to counter growing threats. We are encouraged that the Executive Order will facilitate additional information sharing between government and the private sector.” Many CEOs from leading companies are a part of the Business Roundtable that encouraged support for the other and the potential for it to provide additional information sharing between both the private sector and the government.
In a ZDNet story, The ACLU went on the record saying they were extremely resistant to potential invasive measures against personal privacy. The ACLU has opposed earlier cyber security measures before congress, including CISPA and SOPA. Organizations such as the ACLU believe that the marriage of companies related to the internet and the government will produce a snowball effect leading to further encroachment into personal privacy over time. Perhaps the growing concern over invasions of personal liberty and privacy is something that companies want to maintain their distance from, and the existence of the new executive action will put network security companies in the crosshairs of groups like the ACLU.