With the ink barely dry on President Obama’s cybersecurity executive order, White House staff issued reactions from the security and privacy community, and response continues to reverberate this morning. Below are excerpts.
Michael Chertoff, Secretary of Homeland Security under President George W. Bush and Chairman of the Chertoff Group: “Today the President has taken a critical step in protecting America by addressing two vital aspects of cybersecurity; information sharing and development of a cybersecurity framework. These activities represent a down payment in the protection of our Nation’s cyber infrastructure.”
Pravin Kothari, Founder & CEO of CipherCloud, a San Jose, Calif. company that provides military grade encryption: “As SOPA, CISPA and the Cybersecurity Act of 2012 all died in debate, just having some form of cyber legislation is in theory a win for individuals’ right to privacy. Stopping short of forcing critical infrastructure providers to share user data, the administration is leaving room for providers to exercise their best judgment.”
Jose Granado, Ernst & Young, director of Information Security Services: “While this Executive Order is a good start and further affirms the reality of cybersecurity as a widespread issue that touches almost every industry, it is not the silver bullet we often seek. Going forward, we anticipate that there will be further discussions about what organizations need to report and what information they must share, as well some bumps in the road as they work toward implementation.”
Arthur W. Coviello, Jr. Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC: “EMC supports the President’s efforts via Executive Order to help drive improved collaboration between the public and private sectors, however, the Executive Order only partially covers what’s required. To protect our nation from threats in cyberspace, Congress must also pass legislation to provide the comprehensive resources and protections necessary to fully address cyber security.”
Tom Kellermann, Vice President of Cyber Security for Trend Micro: “As a nation, we must act decisively to secure our critical infrastructure against cyber threats, and the Executive Order contains the right blend of privacy protections, increased information sharing, and basic cyber hygiene best practices which will sustain our national migration to Web 3.0.”
Gerry Cauley, President and CEO, North American Electric Reliability Corporation: “Cyber security is an issue the electricity sector takes very seriously. NERC appreciates the emphasis the Executive Order places on continuing work with existing public/private partnerships as we address this critical issue.”
Steve Davis, Executive Vice President for Public Policy and Government Relations, CenturyLink: “As a leading provider of cybersecurity protections, CenturyLink is encouraged by the White House executive order’s provisions to improve information sharing between government agencies and the private sector. We also encourage the president to work with Congress on bipartisan legislation that establishes a legal framework for information sharing and liability protections.”
Frank Cilluffo, Director of the Homeland Security Policy Institute at George Washington University and co-director of the Cyber Center for National and Economic Security (CCNES) at George Washington University: “This executive order is a step in the right direction and will likely improve the government’s ability to address cyber threats in a number of key ways, including by promoting security standards, clarifying agency roles, and increasing information sharing with the private sector. However, it is essential that Congress work in a bipartisan manner this year to develop legislation that can strengthen the incentives for private sector action on cyber security.
Michelle Richardson, ACLU: “The President’s Executive Order rightly focuses on cybersecurity programs that don’t negatively impact civil liberties. For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information. More encouragingly, the adoption of Fair Information Practice Principles for internal information sharing demonstrates a commitment to tried and true privacy practices.”
Leslie Harris, Center for Democracy and Technology: “We are pleased that the Executive Order pays close attention to privacy and civil liberties. The mandate to incorporate protections based upon Fair Information Practice Principles into all agency activities under the E.O. is particularly welcome.”