Bloomberg is reporting that the White House plans to introduce an executive order on cybersecurity sometime after next week's State of the Union address. The order, which has been in the works for months at this point, would arrive after several high-profile attacks have highlighted the danger posed by online threats. Just last week, the Wall Street Journal and the New York Times revealed they'd been the victims of attacks — thought to have originated in China — while Twitter announced it could have had as many as 250,000 user accounts compromised.
According to the report, the order will set up a set of voluntary cybersecurity standards that companies operating important US infrastructure will be able to participate in. Federal agencies will be encouraged to adopt the new protocols into existing regulations, and as expected, the order will instruct the government itself to share information about potential threats with companies in the private sector.
A priority for both the White House and the new Congress
Cybersecurity is quickly emerging as an important priority for both the White House and the new Congress. Two members of the House Intelligence Committee, chairman Mike Rogers and Democrat C.A. "Dutch" Ruppersberg, said they would be reintroducing the Cyber Intelligence Sharing and Protection Act (CISPA) on February 13th. "This is clearly not a theoretical threat," Rogers told Bloomberg in an emailed statement. "The recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear." Whether the legislation will gain any traction is another matter altogether; while CISPA originally passed the House last year, it stalled in the Senate, with President Obama threatening to veto the legislation even if it did make it to his desk.
The threat of cyberattacks haven't just been a concern of the United States, either. The European Union announced a plan of its own yesterday, which would require stock exchanges, banks, hospitals, and other companies to conform to more rigorous network security standards — and could even require companies that control important infrastructure to disclose any attacks publicly. The European proposal is a draft at this point, but if adopted could require US companies that do international business to conform to the standards.