4. Executive Order on Cybersecurity
• The President signed an Executive Order and Presidential Policy Directive on
February 12, 2013 to Improve Critical Infrastructure Cybersecurity
• “Critical Infrastructure” is defined as “systems and assets, whether
physical or virtual, so vital to the US” that their incapacity or destruction
would have a debilitating impact on:
  • Security,
  • National economic security,
  • Public health or safety
• Key Parts
  • Cybersecurity Information Sharing (AG, DHS, and DNI, section 4)
  • Privacy and Civil Liberties Protections (DHS, section 5)
  • Develop Baseline Framework to Reduce Cyber Risk to Critical Infrastructure
    (NIST, section 7)
  • Voluntary program to support adoption (DHS, section 8)
  • “Procurement requirements related to cybersecurity”
  • Identification of Critical Infrastructure at Greatest Risk (DHS, section 9)
  • Agency review and report on existing regulatory requirements and authority to
    establish new framework-based requirements (section 10)
5. How the Framework has been Developed
5th Framework Workshop – November 14-15
EO 13,636 and PPD-21 – February 12, 2013
8. White House on Cybersecurity Incentives
The Departments of Homeland Security, Commerce and Treasury identified
8 incentives the federal government could use to encourage the nation's critical
infrastructure owners to voluntarily adopt the cybersecurity framework being
developed under the auspices of the National Institute of Standards and Technology.
The eight incentives are:
1. Cybersecurity insurance,
2. Grants,
3. Process preferences,
4. Liability limitation,
5. Streamlined regulations,
6. Public recognition,
7. Rate recovery for price-regulated industries, and
8. Cybersecurity research.
The incentives would help the nation's critical infrastructure operators adopt the
voluntary framework.