President Obama is reported to be willing to compromise on cyber security. There have been continuing reports since early September that the president is preparing an executive order to implement some of the provisions of the 2012 Cyber Security Act (CSA), after it failed to come to a vote in the Senate in early August.
Department of Homeland Security (DHS) Secretary Janet Napolitano, in testimony before a Senate committee on Sept. 19, said that while the order was still being vetted by various departments, it would be issued as soon as a "few issues" were resolved. Now, more than a month later, there are reports that a final draft is circulating that includes a major compromise to settle differences between those who want government to have free access to networks under attack and those concerned about violations of privacy.
The Huffington Post's Richard Lardner reported that the Associated Press obtained a copy of the draft order and released it last Saturday.
It includes a concession sought by Sen. Ron Wyden (D-OR) to include provisions proposed in the Cyber Intelligence Sharing and Protection Act (CISPA), which would allow for the sharing of Internet traffic information between the U.S. government and private sector companies, but only those involving critical infrastructure such as transportation and the electrical grid. Other private firms, including social media, would not be under the same mandate.
Another provision sought by privacy advocates would put the DHS, not the National Security Agency, in charge of the information-sharing network to distribute "sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target," Lardner wrote.
"With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems," he wrote.