On February 12, 2013, President Obama signed both an executive order and a presidential directive that together set forth the administration’s approach to two key cybersecurity related issues: (i) regulating critical infrastructure network security, and (ii) sharing cyber threat information between the public and private sectors. Together, the order and the directive represent a White House response to the congressional deadlock on cybersecurity legislation. While members of both parties have suggested that action on cybersecurity is a priority, separate bills advanced in the House and Senate in the last Congress have not yet been reconciled. While both the House and Senate bills contemplated new safeguards and exceptions to existing data privacy laws for businesses that share cybersecurity threat information with the government, both did so on different terms. In addition, the Senate bill asked the Department of Homeland Security (DHS) and regulatory agencies to work together to craft network security regulations that would be applied to critical private-sector infrastructure operators, while the House bill declined to add any new regulatory provisions. Conflicts over these different approaches have stalled legislative action and now have led the White House to issue the order and the directive to address the open issue. While further legislative action remains a possibility, national security and regulatory agencies have new marching orders in the interim.

The executive order discusses the cybersecurity of “critical infrastructure” — private sector systems and assets so vital to the United States that their incapacity or destruction would have a debilitating impact on security, the economy or public health. This definition has been imported from the USA PATRIOT Act and has previously been interpreted broadly in Homeland Security Presidential Directive 7 (HSPD-7) to include entities such as financial services providers, energy companies and health care providers. The presidential directive accompanying the executive order replaces HSPD-7 and broadens the set of critical infrastructure sectors even further, defining the new list to include...

Please see full memorandum below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Skadden, Arps, Slate, Meagher & Flom LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.