A recent
Congressional Research Service report for Congress (CRS report) provides an overview of Executive Order 13636, Improving Critical Infrastructure Cybersecurity. Cybersecurity is an umbrella term that now includes different kinds of attacks such as cyberthreats, cyberterrorists, cyberspies, cyber thieves, cyber warriors, and cyberhacktivists.
According to the CRS report, the executive order attempts to address these threats by using existing statutory and constitutional authority to:
- expand the Department of Homeland Security’s program of information sharing and collaboration,
- develop cybersecurity standards and best practices,
- establish a consultative process,
- identify critical infrastructure with high priority for protection,
- establish a program with incentives for voluntary adoption of the framework,
- review cybersecurity regulatory requirements to determine if they are sufficient and appropriate, and
- incorporate privacy and civil liberties protections.
While many see the executive order as necessary in the absence of comprehensive cybersecurity legislation, the CRS report noted that others have raised concerns about the order, including claims that it does not do much more than the existing processes and could make enactment of legislation less likely.