A draft executive order on Improving Critical Infrastructure Cybersecurity Practices may now gain speed with the re-election of President Obama. The Cybersecurity Act of 2012 was introduced by Senators Lieberman and Collins (Homeland Security and Government Affairs Committee), Rockefeller (Commerce) and Feinstein (Intelligence) but failed to gain enough support in the private sector and with other members to become law. The essential elements of the legislation were to foster the exchange of threat or event information between the government and the private sector, provide limited protection from liability to encourage such voluntary exchange by the private sector, and encourage collaboration on the creation of voluntary cybersecurity standards. With the election results, a resurrection of cybersecurity legislation is probable. While all members recognize the existence and significance of the cyber threat, they will continue to differ on the approach with Republicans expressing concern that the recent legislation introduced more regulatory burdens. In anticipation of a protracted legislative process, and to address the immediate cybersecurity concern, release of an executive order in the near term is likely. A paper draft that was recently circulated among the Deputies Committee contains elements that are consistent with the proposed legislation and draft executive order with some new twists.
Please click here to read the issued Client Alert.