President Obama on Tuesday signed an executive order to strengthen the cybersecurity of critical U.S. infrastructure by increasing information sharing and by jointly developing and implementing with industry partners a framework of cybersecurity practices.

“Proactive and coordinated efforts are necessary for us to strengthen and maintain secure, functioning and resilient critical infrastructure — including the assets, networks and systems that are vital to public confidence and the nation’s safety, prosperity and well-being,” according to a White House statement. “This endeavor is a shared responsibility among the federal, state, local, tribal and territorial entities, and public and private owners and operators of critical infrastructure.”

The executive order expands to other sectors the voluntary Enhanced Cybersecurity Services program, an information sharing program already in use by the Department of Defense, enabling near real-time sharing of cyber threat information. The order also requires federal agencies to produce and share unclassified reports of threats to U.S. companies and directs the National Institute of Standards and Technology to lead the development of a framework of cybersecurity practices to reduce cyber risks to critical infrastructure. It calls for a review of existing cybersecurity regulation and includes private and civil liberties protections, the White House said.

Obama began considering an executive order aimed at protecting critical national infrastructure, including power plants and natural gas and crude pipelines, from cyber attacks, after the U.S. Congress failed to pass the Cybersecurity Act of 2012 last summer (see Daily GPI, Sept. 13, 2012; July 23, 2012).

The order comes just days after the Department of Energy (DOE) announced that a “cyber incident” at DOE headquarters in Washington, DC, last month targeted the agency’s network “and resulted in the unauthorized disclosure of employee and contractor” information (see Daily GPI, Feb. 5). No classified data was compromised by the cyber attack, according to DOE.

The Department of Homeland Security last year reported that there had been an “active series” of cyber attacks on natural gas pipeline companies’ computer networks over a five-month period (see Daily GPI, May 8, 2012).

Federal Energy Regulatory Commission Chairman Jon Wellinghoff has expressed his exasperation with the lack of a federal system for reporting threats to energy infrastructure (see Daily GPI, Sept. 6, 2012). Wellinghoff subsequently announced the creation of an office at the agency to focus on cyber and physical security risks to energy facilities under its jurisdiction, such as interstate natural gas pipelines, gas storage and electric transmission facilities (see Daily GPI, Sept. 24, 2012).

A secret review of the United States’ ability to react to cyber attacks recently concluded that Obama has the power to order a pre-emptive strike if a major digital attack is imminent, the New York Times recently reported.

©Copyright 2013Intelligence Press Inc. All rights reserved. The preceding news reportmay not be republished or redistributed, in whole or in part, in anyform, without prior written consent of Intelligence Press, Inc.