LEAKED! Here's The White House's Draft Cybersecurity Executive Order

from the vague-enough-for-ya? dept

Earlier this week, we wrote about how the White House was working on an executive order to act as a "stand in" for cybersecurity legislation that has so far failed to pass Congress (CISPA passed in the House, but a different effort, the Cybersecurity Act, failed in the Senate, and it would have been difficult to get the two houses aligned anyway). Last weekend Jason Miller from Federal News Radio wrote about a draft he saw... but failed to share the actual draft. We got our hands on a draft (and confirmed what it was with multiple sources) and wanted to share it, as these kinds of things deserve public scrutiny and discussion. It's embedded below. As expected, it does have elements of the Lieberman/Collins bill (to the extent that the White House actually can do things without legislation). It's also incredibly vague. The specific requirements for government agencies are left wide open to interpretation. For example, the State Dept. should engage other governments about protecting infrastructure. Well, duh. As expected, most stuff focuses on Homeland Security and its responsibilities to investigate a variety of different cybersecurity issues -- but, again, it's left pretty vague.

There is, as expected, plans concerning information sharing -- but again, they're left pretty empty on specifics. It talks about an "information exchange framework." Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don't lead to massive privacy violations, despite the President's earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.

Separately, it lists out 16 critical infrastructure "sectors," but those can be interpreted really broadly, which is dangerous. We all understand how things like the electric grid, nuclear power plants, water facilities and such can be seen as critical infrastructure. But does "communications" include things like social networking? It's important that any plan be very, very specific about what sorts of things are critical infrastructure, so as to avoid sweeping up all sorts of things like internet services and opening them up to information "sharing" abuse efforts by the government. We all know there's plenty of evidence that when the government is given a loophole to spy on private communications, it figures out ways to drive fleets of trucks through that hole. Unfortunately, there's little indication that any of that has really been taken into consideration.

All that said, it is important to recognize that this is a draft, and it is not only subject to change, but there are indications that it is likely to change. But, seeing as this could have significant impact, it should be something that the public has a chance to weigh in on.

Honestly, looking this over, you get the sense that it's really designed to do one thing: scare those who fought against the various bills back to the table to compromise and get a bill out. It's no secret that the administration's overall preference is to get a law in place, rather than this executive order. That's been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don't approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can't go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.

Either way, we'll have some more on this next week, but since we just got this and want to get it out there for comment, hopefully folks can spend some time this weekend discussing the (yes, once again, vague) particulars...

Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  1. icon
    backstab59 (profile), 16 Sep 2012 @ 10:00am

    A threat is an act of coercion wherein an act is proposed to elicit a negative response. It is a communicated intent to inflict harm or loss on another person. It can be a crime in many jurisdictions. Threat (intimidation) is widely seen in animals, particularly in a ritualized form, chiefly in order to avoid the unnecessary physical violence that can lead to physical damage or death of both conflicting parties.
    Design basis threat (DBT) is a classified document that discovers the characteristics of the potential threats (actual threat, not a possibility)
    Backward induction is the process of reasoning backwards in time, from the end of a problem or situation, to determine a sequence of optimal actions. It proceeds by first considering the last time a decision might be made and choosing what to do in any situation at that time. Using this information, one can then determine what to do at the second-to-last time of decision. This process continues backwards until one has determined the best action for every possible situation (i.e. for every possible information set) at every point in time.
    Intimidation (also called cowing) is intentional behavior that "would cause a person of ordinary sensibilities" fear of injury or harm. It's not necessary to prove that the behavior was so violent as to cause terror or that the victim was actually frightened.
    Are we actually seeing now were/who is a treat…
    Criminal threatening (or threatening behavior) is the crime of intentionally or knowingly putting another person in fear of imminent bodily injury. "Threat of harm generally involves a perception of injury...physical or mental damage...act or instance of injury, or a material and detriment or loss to a person." "A terroristic threat is a crime generally involving a threat to commit violence communicated with the intent to terrorize another."
    Threatening behaviors may be conceptualized as a maladaptive outgrowth of normal competitive urge for interrelational dominance generally seen in animals. Alternatively, intimidation may result from the type of society in which individuals are socialized, as human beings are generally reluctant to engage in confrontation or threaten violence.
    Like all behavioral traits it exists in greater or lesser manifestation in each individual person over time, but may be a more significant "compensatory behavior" for some as opposed to others. Behavioral theorists often see threatening behaviours as a consequence of being threatened by others, including parents, authority figures, playmates and siblings. “Use of force is justified when a person reasonably believes that it is necessary for the defense of oneself or another against the immediate use of unlawful force.”
    Lets create a bigger RISK\threat footprint because im scared ?????

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.