"LEAKED! Here's The White House's Draft Cybersecurity Executive Order"
Earlier this week, we wrote about how the White House was working on an executive order to act as a "stand in" for cybersecurity legislation that has so far failed to pass Congress (CISPA passed in the House, but a different effort, the Cybersecurity Act, failed in the Senate, and it would have been difficult to get the two houses aligned anyway). Last weekend Jason Miller from Federal News Radio wrote about a draft he saw... but failed to share the actual draft. We got our hands on a draft (and confirmed what it was with multiple sources) and wanted to share it, as these kinds of things deserve public scrutiny and discussion. It's embedded below. As expected, it does have elements of the Lieberman/Collins bill (to the extent that the White House actually can do things without legislation). It's also incredibly vague. The specific requirements for government agencies are left wide open to interpretation. For example, the State Dept. should engage other governments about protecting infrastructure. Well, duh. As expected, most stuff focuses on Homeland Security and its responsibilities to investigate a variety of different cybersecurity issues -- but, again, it's left pretty vague.
There is, as expected, plans concerning information sharing -- but again, they're left pretty empty on specifics. It talks about an "information exchange framework." Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don't lead to massive privacy violations, despite the President's earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.