New CyberSec Executive Order IT Impact Zero

Last Tuesday, the White House issued the long awaited CyberSec Executive Order, which makes an attempt to outline policies that will protect US organizations against cyber-attacks and espionage. The EO stays away from even hinting at changes to privacy laws and regulations, which makes the anti-CISPA people happy. The Cyber Intelligence Sharing and Protection Act died in the Senate in any case.



So in short, what's in it?



NIST will offer to work with a mix of industry and other parties to establish guidance on how to secure critical infrastructure components. Note that there are already many security frameworks that government agencies have to comply with, like FISMA, NIST 800-53, FERC, NERC, etc. The main thrust of the EO is that nobody is required to do anything. In the case NIST creates any useful guidance, it's up to you if you want to follow it or not.



The upshot? Critical infrastructure companies are allowed business as usual, hence zero impact.



It's positive though that the White House puts cybersecurity front and center, and raises awareness for this issue. That just might make it easier for you to get more budget and give IT security high priority within your own organization. And remember that your employees are the weak link in IT Security so insist on high quality

">security awareness training.