Cybersecurity Executive Order Creates Confusion

With the upcoming Presidential Executive Order on Cyber Security set to go into effect in early 2014, private business within 16 key areas “critical infrastructure” must consider how they plan on complying with the order. This is especially true for the nation’s utility companies, a particularly critical sector and one that has an impact on the daily life of the citizens of the U.S. For the most part, the order breaks down to efforts at coordination between governmental entities and private business.

Most private business have policies and standards in place to deal with a natural or manmade disaster, but standards can only get you so far. The other side of the equation deals with close coordination and information sharing, exactly the problem that the EO attempts to alleviate. And while there is some confusion as to what exactly the order means for them, some things remain clear:

  • All utility companies have to comply with the order. To this end, the best thing that a utility company can do involves learning about the order and reading it to learn how the order affects you.
  • Be ready to share information. Utilities need to accept the fact that the government is requiring compliance from all involved to facilitate the development of effective defenses against such attacks.
  • The EO more than likely will have some effect on the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP). Whether that involves adopting the measures already in place or reworking them to reduce their size of them, a common complaint with NERC CIP.

One thing remains clear; something needs to be done and fast. The longer that the U.S. waits to adopt some form of protective measures, the more the chance that an attack on the nation’s critical infrastructure takes place. The sharing of information is just one step down the road to a better protected nation.

For more information about the new cybersecurity order, visit: