Obama's IT Security Campaign Continues
Proclaiming Critical Infrastructure Protection & Resilience MonthPresident Obama has proclaimed December as Critical Infrastructure Protection and Resilience Month, and is using that declaration to continue his campaign to get Congress to enact comprehensive cybersecurity legislation.
See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001
Congress has failed to enact the administration-backed Cybersecurity Act of 2012 [see Senate, Again, Fails to Halt Filibuster], which includes provisions that call for the federal government and business to collaborate in developing IT security best practices that the owners of the mostly privately owned critical national infrastructure could voluntarily adopt.
Though no one expects the bill to be resurrected in the final days of the 112th Congress, Obama used the proclamation to tout such legislation in the 113th Congress, which convenes in early January.
The president, in the proclamation, points out that the nation's critical infrastructure is complex and interconnected, and it's vulnerable to emerging threats from cyberspace despite its strengths. He adds:
"Cyber incidents can have devastating consequences on both physical and virtual infrastructure, which is why my administration continues to make cybersecurity a national security priority.Obama may not wait till Congress acts on comprehensive cybersecurity legislation. The administration is vetting an executive order that could achieve some, but not nearly all of the president's cybersecurity agenda [see Obama Hasn't Reviewed Executive Order Draft]. An executive order likely could establish a legal process to develop IT security standards, but would not have the legal authority to allow information sharing between government and business; that would require a change in law.
"As we continue to work within existing authorities to fortify our country against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between government and the private sector, and protecting the privacy and civil liberties of the American people."
Still, all things in Washington being political, the president - through the proclamation - continues to campaign for his vision of how the government should address cybersecurity. I guess he's also saying to the nation: Have a happy Critical Infrastructure Protection and Resilience Month. The same to you, Mr. President.