White House Clears Air on Cybersecurity Efforts
White House Cybersecurity Coordinator Michael Daniel once again took to the official White House blog last week in a post titled "Assessing Cybersecurity Regulations" to clear up the air following U.S. accusations that five Chinese military officials perpetuated industrial espionage against the United States.
Daniel stressed that while the White House has gotten involved in cyber issues, there is only so much the Executive Branch can do. One example is the Cybersecurity Framework released by the Obama administration in February. The result of Obama's Executive Order 13636, the Framework sets forth a rudimentary roadmap for cybersecurity collaboration in key industries.
"It is important to understand that an Executive Order can only direct Executive Branch agencies, not independent regulators," Daniel wrote. "Much of critical infrastructure is regulated by independent regulators; therefore, the analysis conducted pursuant to EO 13636 represents a limited subset of critical infrastructure sectors: water, health, transportation, and chemical. Independent regulatory agencies may engage in similar analysis but are not required to under this EO."
Governmental analysis of the nation's cybersecurity risks led the White House to require reports from three key agencies: the Environmental Protection Agency because of its drinking water and waste-water jurisdiction; Department of Health and Human Services for its medical devices, electronic health records, and health exchanges; and the Department of Homeland Security and its authority over chemical facilities and transportation.
"Now, this doesn't mean that we don't have more work to do to secure our critical systems and information throughout the country. Nor does it mean that we can stop working to ensure that regulations as written are clear, streamlined, and harmonized," Daniel concluded.
"It does mean that agencies with regulatory authority have determined that existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to those systems. Over the next two years, these departments and agencies will jointly investigate and leverage opportunities to improve the efficiency, clarity, and coordination of existing regulations."
This isn't the first time Daniel has taken to the White House blog to quell cyber tensions. Soon after the discovery of Heartbleed (hyped to be the worst vulnerability ever discovered), Daniel shed some light on how government agencies assess cyber threats.
"Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation's intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks," Daniel said.