WebProNews

Tag: executive order

  • President Biden Signs Executive Order on Cybersecurity

    President Biden has signed an executive order aimed at improving US cybersecurity in the wake of major attacks.

    The last few months have seen multiple high-profile, crippling cybersecurity attacks on US agencies and businesses. SolarWinds impacted private and public organizations alike, with the full extent still under investigation. Most recently, Colonial Pipeline was hit with a crippling ransomware attack, severely impacting fuel prices all along the East Coast.

    The threat is exacerbated by hacker groups that are state-sponsored, giving them access to the funds and technology needed to wreak havoc.

    In response, President Biden has issued an executive order aimed at “Improving the Nation’s Cybersecurity.” The order focuses on major changes, rather than incremental improvements, in an effort to keep pace with rapidly-evolving threats.

    Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).

  • President Biden Signs Executive Order to Review Supply Chain

    President Biden has signed an executive order authorizing a review of the US supply chain, including semiconductors.

    The US has suffered from a number of major supply chain crises over the last year. At the outset of the pandemic, medical professionals struggled with a shortage of PPE. Most recently, multiple industries have been impacted by a shortage of semiconductors. The automotive industry, in particular, has been one of the hardest hit.

    President Biden’s executive order is not a short-term solution, but is an attempt to devise a long-term plan to address the country’s need for semiconductors, pharmaceuticals, rare-earth elements and large-capacity batteries.

    “And the bottom line is simple: The American people should never face shortages in the goods and services they rely on, whether that’s their car or their prescription medicines or the food at the local grocery store,” said President Biden when announcing the executive order.

    The supply chain review will also help pave the way for additional jobs, as well as secure existing ones, by ensuring workers have the critical supplies they need. For example, the semiconductor shortage recently halted production at three GM plants. Ensuring a safe supply of critical components will keep companies and entire industries running.

    “This is about making sure the United States can meet every challenge we face in this new era — pandemics, but also in defense, cybersecurity, climate change, and so much more,” continued President Biden. “And the best way to do that is by protecting and sharpening America’s competitive edge by investing here at home. As I’ve said from the beginning, while I was running: We’re going to invest in America. We’re going to invest in American workers. And then we can be in a much better position to even compete beyond what we’re doing now.

    “Resilient, diverse, and secure supply chains are going to help revitalize our domestic manufacturing capacity and create good-paying jobs, not $15 an hour — which is what we need to do someday. And sooner is better, in my view. But jobs that are at the prevailing wage.”

  • Elizabeth Warren Seeks to Lessen Student Loan Burden

    On Monday, President Obama signed an executive order which would extend the ability to cap one’s student loan repayment amount at 10 percent of one’s income, finally allowing those who borrowed money before 2007 to take advantage of an opportunity many have already capitalized on. Following his own executive order, Obama continued to push student-loan legislation, however, as he endorsed Senator Elizabeth Warren’s new bill which seeks to lessen the burden on student loan borrowers across the country.

    The bill, titled the Bank on Students Emergency Loan Refinancing Act, is co-sponsored by two other Democratic Senators – Al Franken of Minnesota and Dick Durbin of Illinois. Simply put, the bill’s mission is to help student loan borrowers reduce the interest rates on their student loan repayments. Currently, federal student loan interest rates are at 3.86 percent following the passage of a law which tied undergraduate student loan interest rates to the rates on Treasury bonds.

    If passed, Senator Warren’s bill would allow those who are currently paying the old federal student loan interest rate of 6.8 percent to refinance their loans to include the lower rate of 3.86 percent. The American Federation of Teachers estimates that this shift in interest rates would save students a total of $14 billion.

    Senator Warren’s bill comes on the heels of the release of her new book, A Fighting Chance, in which Warren discusses her poor upbringing and how the United States can help the middle and lower classes achieve the American Dream once again: “I’m here … to give each one of our kids a fighting chance to build a future full of promise and discovery,” Warren states in her book.

    While the bill will have much popular support from the millions of people suffering from student loan debt in the United States (the second largest debt next to mortgages), it is going to face much opposition from the Republicans in Washington, many of whom see the bill as a disingenuous political push: “This bill doesn’t make college more affordable, reduce the amount of money students will have to borrow, or do anything about the lack of jobs grads face in the Obama economy,” complained Senate Minority Leader Mitch McConnell.

    House Speaker John Boehner echoed the sentiments of McConnell, stating, “Today’s much-hyped loophole closure does nothing to reduce the cost of pursuing a higher education or improve access to federal student loans — nor will it help millions of recent graduates struggling to find jobs in the Obama economy.”

    With 55 Democrats in the Senate and 60 votes needed to pass the bill, Senator Warren will have to be rhetorically savvy in the next two days in order to help push her bill through during the vote on Wednesday.

  • Obama’s Cybersecurity Executive Order Is No CISPA, Contains Privacy Protections

    Near the end of President Obama’s State of the Union address, he addressed the need for cybersecurity reform. He also confirmed the long-standing rumor that he would indeed be signing an executive order into law that helps increase information sharing between the government and private corporations. What’s surprising, however, is that it does address many of the privacy concerns that privacy proponents had with bills like CISPA and CSA.

    With that being said, let’s get into the nitty gritty of the executive order, shall we? First up are details on how information sharing between public government entities and private corporations will work:

    Sec. 4. Cybersecurity Information Sharing. (a) It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats. Within 120 days of the date of this order, the Attorney General, the Secretary of Homeland Security (the “Secretary”), and the Director of National Intelligence shall each issue instructions consistent with their authorities and with the requirements of section 12(c) of this order to ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity. The instructions shall address the need to protect intelligence and law enforcement sources, methods, operations, and investigations.

    (b) The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports.

    (c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. This voluntary information sharing program will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.

    (d) The Secretary, as the Executive Agent for the Classified National Security Information Program created under Executive Order 13549 of August 18, 2010 (Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities), shall expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators, prioritizing the critical infrastructure identified in section 9 of this order.

    (e) In order to maximize the utility of cyber threat information sharing with the private sector, the Secretary shall expand the use of programs that bring private sector subject-matter experts into Federal service on a temporary basis. These subject matter experts should provide advice regarding the content, structure, and types of information most useful to critical infrastructure owners and operators in reducing and mitigating cyber risks.

    In short, this part of the order makes it easier for government and companies to share information between themselves. This is what CISPA and CSA hoped to accomplish, and this executive order accomplishes pretty much the same thing.

    What could be worrisome about this part of the order is that it makes it too easy to share information, but that would only be a concern if extensive privacy protections were not put in place. That’s where the next part of the order comes in:

    Sec. 5. Privacy and Civil Liberties Protections. (a) Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities. Such protections shall be based upon the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency’s activities.

    (b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. Senior agency privacy and civil liberties officials for other agencies engaged in activities under this order shall conduct assessments of their agency activities and provide those assessments to DHS for consideration and inclusion in the report. The report shall be reviewed on an annual basis and revised as necessary. The report may contain a classified annex if necessary. Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies shall consider the assessments and recommendations of the report in implementing privacy and civil liberties protections for agency activities.

    (c) In producing the report required under subsection (b) of this section, the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of DHS shall consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB).

    (d) Information submitted voluntarily in accordance with 6 U.S.C. 133 by private entities under this order shall be protected from disclosure to the fullest extent permitted by law.

    As you can see, the above text illustrates that the Obama administration has built some decent privacy protections into the executive order. It’s a major relief since some were concerned that the executive order would be just like CISPA, privacy violations and all.

    If you don’t want to take my word for it, the privacy protections in the executive order also got a pass from the ACLU. The organization’s Legislative Counsel Michelle Richardson had this to say about it:

    “The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties. For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information. More encouragingly, the adoption of Fair Information Practice Principles for internal information sharing demonstrates a commitment to tried-and-true privacy practices – like consent, transparency, minimization and use limitations. If new information sharing authorities are granted—especially the overbroad ones being pondered by the House – these principles will be more important than ever. We look forward to working with the administration to make sure that the devil isn’t in the details when privacy regulations are drafted.”

    Section seven of the order contains a number of strategies to be implemented by the government to address and counter any cyber attacks directed at critical infrastructure. The central point is the creation of a “cybersecurity framework” that will include “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.” Keeping transparency as a central theme, the Director of the National Institute of Standards and Technology will “engage in an open and public review and comment process” during the creation of said framework.

    Government agencies will be required to implement the above framework, but it’s entirely voluntary for private operators of critical infrastructure. That being said, the Obama administration will be doing its damnedest to convince these private institutions to incorporate cybersecurity standards. One way the administration will be doing this is through the creation of an incentive program that will be pitched to the administration within 120 days. It will then be implemented by the President if it does not require the passage of new laws. If it does, Obama will take his case to Congress.

    Finally, the order calls upon the government to seek out infrastructure that’s at the greatest risk of cyberattacks. Once they’ve been identified, the government will work with these organizations to make sure that any risk of cyberattacks is mitigated. As such, these organizations have the chance to make their case, every two years, for whether the cybersecurity standards placed upon them are “regulatory burdens.”

    There’s sure to be a lot of talk about this cybersecurity executive order over the coming months. In his speech last night, President Obama indicated as much, saying this order is meant to force Congress’ hand in passing extensive cybersecurity legislation. That being said, the order’s emphasis on privacy and civil rights protections makes me hopeful that the administration will smack down any attempts to revive CISPA this year.

  • White House Will Issue Cybersecurity Executive Order On Wednesday [Rumor]

    It’s fairly common knowledge that the Obama administration has been crafting an executive order to address cybersecurity for quite some time now. The only thing we didn’t know was when such an order would be made public, but a new report is pegging the announcement for this week.

    Speaking to The Hill, sources close to the White House said that senior officials will announce Obama’s long-in-development cybersecurity mandate on Wednesday. The order will reportedly establish a voluntary program where “companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government.”

    The order will be announced at an event that is due to take place at the U.S. Department of Commerce. In attendance will be a who’s who of major cybersecurity proponents, including White House Cybersecurity Coordinator Michael Daniel, Department of Homeland Security Deputy Secretary Jane Lute, and National Security Director Gen. Keith Alexander. You can expect some, or all, of them to talk about the grave threat our nation faces from cyberattacks from China and the like, and how this executive order will better protect our aging infrastructure from cyberattacks.

    Of course, members of Congress aren’t going to like it. They’re going to push for their own extensive cybersecurity legislation to replace whatever Obama’s administration cooks up. House Intelligence Committee Chairman Mike Rogers was already planning to reintroduce CISPA this week, but the executive order may force his hand in pushing the reviled legislation through the House even faster than before. Doing so would once again block all meaningful discussion on the privacy concerns present in the bill in favor of just pushing something through.

    Of course, the Senate will probably not like it either, and may very well introduce its own cybersecurity legislation as well. It may choose to vote on CISPA, if it passes the House, but the Senate may very well choose to go its own way once again by crafting its own legislation. If it does, we may very well end up with a situation just like last year where neither legislative branch can come up with anything, thus justifying the executive order.

    The Hill’s report doesn’t have any concrete details on what the executive order will entail, but we should probably prepare for the worst. Despite talking up a good game as a proponent of online privacy, President Obama has recently signed worrisome, and privacy-infringing, legislation like the FISA extension into law.

    We’ll keep our ear to the ground to let you know when, and if, a cybersecurity executive order is announced, and what it entails.
