On February 12, 2013 President Obama issued a new Executive Order focused on improving cyber security for critical infrastructure, by improving information sharing, creating a framework to reduce cyber risk, and identifying critical infrastructure that is at the greatest risk.
There are four key takeaways. First, many companies that do not believe they are part of the critical infrastructure will be considered critical infrastructure. Second, the government will be taking a more active role in attempting to have companies designated as critical infrastructure become more aware and compliant regarding cyber security. This will likely result in pressure on these companies to increase security (with resulting increases in spending) as the government will be attempting to have companies follow a cyber security framework that will be created. Third, information sharing continues to be a focus to address the cyber threat. Fourth, there are strategies that companies can use to help address these issues, and they are discussed below after the summary of the Executive Order.