A sweeping cyber security law is unlikely to pass any time soon.
White House Cyber Security Coordinator Michael Daniel warned last week that President Obama's Executive Order on Cyber Security (EO) could result in new regulations for U.S. companies that operate and manage U.S. infrastructure.
Specifically, Daniel said new regulations could be used to create a “backstop” to address security concerns related to the computer systems of the nation’s water systems, electric grid, banking system, health care providers, and other critical infrastructure.
Daniel further noted that in large part, the EO orders major regulators such as the Department of Treasury and the Department of Energy to review their current regulations and align them with the framework created by the National Institute of Standards and Technology (NIST). These actions are necessary to repel and defeat cyber attacks that could cripple critical infrastructure and cause widespread damage in the “real” world.
It is now clearer than ever that the cyber security EO is a precursor to enhanced enforcement and regulation. Currently, both the White House and Congress are engaged in efforts to introduce legislation to address national cyber security concerns. While a sweeping cyber security law is unlikely to pass anytime soon, companies that operate and manage U.S. critical infrastructure must closely watch regulators. These companies must ensure they are doing everything in their power to secure their networks now, and to create and implement information policies and procedures, and privacy programs that will stand up to rigorous scrutiny.