The Public Eye with Eric Chabrow

Obama's IT Security Campaign Continues

Proclaiming Critical Infrastructure Protection & Resilience Month
Obama's IT Security Campaign Continues

President Obama has proclaimed December as Critical Infrastructure Protection and Resilience Month, and is using that declaration to continue his campaign to get Congress to enact comprehensive cybersecurity legislation.

See Also: Zero Trust Webinar: Research Insights Exploring the Actionable, Holistic & Integrative Approach to Security

Congress has failed to enact the administration-backed Cybersecurity Act of 2012 [see Senate, Again, Fails to Halt Filibuster], which includes provisions that call for the federal government and business to collaborate in developing IT security best practices that the owners of the mostly privately owned critical national infrastructure could voluntarily adopt.

Though no one expects the bill to be resurrected in the final days of the 112th Congress, Obama used the proclamation to tout such legislation in the 113th Congress, which convenes in early January.

The president, in the proclamation, points out that the nation's critical infrastructure is complex and interconnected, and it's vulnerable to emerging threats from cyberspace despite its strengths. He adds:

"Cyber incidents can have devastating consequences on both physical and virtual infrastructure, which is why my administration continues to make cybersecurity a national security priority.

"As we continue to work within existing authorities to fortify our country against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between government and the private sector, and protecting the privacy and civil liberties of the American people."
Obama may not wait till Congress acts on comprehensive cybersecurity legislation. The administration is vetting an executive order that could achieve some, but not nearly all of the president's cybersecurity agenda [see Obama Hasn't Reviewed Executive Order Draft]. An executive order likely could establish a legal process to develop IT security standards, but would not have the legal authority to allow information sharing between government and business; that would require a change in law.

Still, all things in Washington being political, the president - through the proclamation - continues to campaign for his vision of how the government should address cybersecurity. I guess he's also saying to the nation: Have a happy Critical Infrastructure Protection and Resilience Month. The same to you, Mr. President.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.