Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security NewswireInfrastructure:Electric,Gas & Water

President Obama Issues Executive Cyber Security Order

The Role of Information Sharing and Information Superiority

By Andrew B. Serwin
Generic Image for Logical Security
February 14, 2013

On February 12, 2013 President Obama issued a new Executive Order focused on improving cyber security for critical infrastructure, by improving information sharing, creating a framework to reduce cyber risk, and identifying critical infrastructure that is at the greatest risk.

There are four key takeaways. First, many companies that do not believe they are part of the critical infrastructure will be considered critical infrastructure. Second, the government will be taking a more active role in attempting to have companies designated as critical infrastructure become more aware and compliant regarding cyber security. This will likely result in pressure on these companies to increase security (with resulting increases in spending) as the government will be attempting to have companies follow a cyber security framework that will be created. Third, information sharing continues to be a focus to address the cyber threat. Fourth, there are strategies that companies can use to help address these issues, and they are discussed below after the summary of the Executive Order.

Defining Critical Infrastructure

This is a definition that will go far beyond what people traditionally think of as “critical infrastructure” and executives must consider the impact of this Executive Order, and more importantly how they can help their companies address this risk.

DHS has previously identified 18 critical infrastructure Sectors: Food and Agriculture; Banking and Finance; Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Governmental Facilities; Healthcare and Public Health; Information Technology; National Monuments and Icons; Nuclear Reactors, Materials and Waste; Postal and Shipping; Transportation Systems; and Water.

The Executive order may expand this list because the order focuses on any “systems or assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” The Executive Order contemplates making this determination based upon a new risk-based assessment to identify critical infrastructure where a cyber security incident could “reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” The owners of businesses in the critical infrastructure will be notified that they have been deemed to be critical infrastructure, and the businesses have the opportunity to ask for reconsideration of this designation.

Information Sharing

The first substantive focus of the Executive Order is information sharing, and as noted in prior posts by the Lares Institute, this is a critical issue as in many cases the public sector has better threat intelligence than the private sector, though the private sector is often the target of a cyber attack. There have been prior Executive Orders from both President Bush and President Obama related to information sharing, and this order again reiterates the need for the public sector to share non-classified information with the private sector to help address the cyber security problem. It also orders the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence to issue instructions consistent with this order to ensure the release of appropriate information to the private sector. Consistent with Executive Order 13549, there are also provisions focused on expediting the clearance process to enable information sharing.

Consultative Process

Recognizing the need to build consensus and gather information, the Secretary of DHS is also required to establish a consultative process to coordinate improvements to the critical infrastructure.

Cyber Security Framework

Building upon that, the order also requires the Department of Commerce to direct NIST to create a framework to reduce cyber risk to the critical infrastructure in a way that establishes cross-sector security standards and guidelines. This is to provide a “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks” and will “incorporate voluntary consensus standards and industry best practices to the fullest extent possible.” There is to be a technology neutral framework that enables competition for addressing cyber risks. There is to be a public comment and review process, and there is to be a preliminary version of the framework released within 240 days of the order, and the final order is to be released within 1 year.

DHS is also required to, in coordination with other agencies, establish a voluntary program to support the adoption of the framework. In order to encourage participation, the order contemplates the creation of incentives to promote participation in the program.

Once the framework is created, there is to be a governmental review of the existing cyber security regulatory requirements to make sure that these regulations are sufficient given the current risks, and additional actions may be contemplated if the existing regulations are deemed insufficient.

Privacy and Civil Liberties

There was also a privacy and civil liberties focus, because the Executive Order mandates that the CPO and the Officer for Civil Liberties of DHS are to produce a public report regarding the privacy impact of these new requirements.

Information Sharing and Information Superiority

As noted in a prior post, Information Superiority and Information Sharing—A Solution for the Public and Private Sector, information sharing and information superiority are critical steps any company can take to address the cyber issue. As I have previously noted, there are four key steps:

  • The first step companies must take to implement Information Superiority, and reduce the chances of an exploitable information imbalance, is understand what information they have.
  • The second step companies must take is to create a governance structure that includes key senior stakeholders from departments that are relevant to governing information.
  • The third step companies must take is to create a framework that classifies the company’s information based upon sensitivity.
  • The fourth step companies must take is to make systematic behavioral changes to how information is collected and processed, so that information is appropriately shared with key stakeholders, both internal and external.

As the threats continue to grow, and the chances of governmental action increase, these are steps that companies can take to get ahead of the cyber security framework, and also reduce their cyber security risk. In these times of doing more with less, using Information Superiority to focus security efforts also offers many companies a path forward to address cyber concerns.

KEYWORDS: cyber risk mitigation information sharing infrastructure security security executives

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Andrew B. Serwin is Chair of Privacy Security and Information Management Practice at law firm Foley & Lardner and member of the advisory board of the Naval Post Graduate School's Center for Asymmetric Warfare. Serwin is also author of the leading treatise on privacy and security, "Information Security and Privacy: A Guide to Federal and State Law and Compliance," a 4,000 page book that examines all aspects of privacy and security laws.  Serwin has been named to Security Magazine's "25 Most Influential Industry Thought Leaders" as well.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • smartphone-app-development-freepik.jpg

    Why mobile app developers need to prioritize user data privacy and security — and what they can do to ensure it

    See More
  • cyber security

    President Biden signs executive order to strengthen U.S. cybersecurity defenses

    See More
  • Security sandbox podcast with CSO Amanda Fennell

    CSO Amanda Fennell brings her unconventional approach to legal, cyber and compliance issues to the Security Sandbox podcast

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing