The White House is preparing to direct federal agencies to develop voluntary cybersecurity guidelines for owners of power, water and other critical infrastructure facilities, according to people who say they have seen recent drafts of an executive order, an article from Reuters reports.
The prospective order would give agencies 90 days to propose new regulations and create a new cyber security council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce, a former government cyber-security official told Reuters.
“It tells those who have the ability to regulate to go forth and do so,” says the person, who is currently outside the government and spoke on condition of anonymity to preserve access to government officials, the article says.
The draft executive order includes elements of what had been the leading cyber security overhaul bill in the Senate, which was defeated this summer amid opposition from industries against the increase regulation, Reuters reports.
Senate Homeland Security Committee Chairman Joe Leiberman, an independent and one of the principal authors of that bill, urged the White House to issue such an order, the article says.
“The Department of Homeland Security has clear authority, if directed by you, to conduct risk assessments of critical infrastructure, identify those systems or assets that are most vulnerable to cyber attack and issue voluntary standards for those critical systems or assets to maintain adequate cybersecurity,” Leiberman wrote to President Barack Obama.
Former White House cyber security policy coordinator Howard Schmidt says the proposed order would also ask DHS to confer with independent agencies, such as electric regulators and others that don’t answer to the president, to see who would take responsibility on cyber security, the article reports. The hope is, Schmidt says, that those agencies who do not want DHS to act will regulate themselves.