As cybersecurity and privacy issues have become more prevalent in the public sector in recent years, the need to enact new cybersecurity policies has increased. Most recently, Executive Order (EO) 13636 of February 12, 2013 – Improving Critical Infrastructure Cybersecurity, was released by the White House and named important new cybersecurity policies to be implemented.
The EO emphasizes the importance of a partnership of the owners and operators of critical infrastructure (CI), systems that if destroyed would have a devastating effect on United States security, health, and/or security. They will work together to develop cybersecurity risk-based standards and improve information sharing, which the EO encourages the government to do with private companies to quickly disseminate cyberthreats.
In addition, they are planning to expand the Enhanced Cybersecurity Services Program to all CI sectors to share government technical information and cyberthreats. To aid in the sharing of information, the National Institute of Standards and Technology will develop a Cybersecurity Framework within a year. This framework will help agencies determine whether their cybersecurity regulations are adequate, and if not, they will be required to change.
Finally, the General Services Administration, Department of Defense, and Federal Acquisition Regulatory Council have four months to make recommendations “on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration,” as stated by the EO.
Luckily for us, it seems as if we are one step closer to a safer cybersecurity environment.
