Critical infrastructure is the backbone of our country’s national and economic security. It includes everything from power plants, chemical facilities and cyber networks, to bridges and highways, stadiums and shopping malls, as well as the federal buildings where millions of Americans work and visit each day. The Department of Homeland Security (DHS) is the Federal Government’s lead agency for coordinating the national protection, prevention, mitigation, and recovery from cyber incidents and works regularly with critical infrastructure owners and operators to take steps to strengthen their facilities and communities. The Department also conducts onsite risk assessments of critical infrastructure and shares risk and threat information with state, local and private sector partners.
Tuesday, President Barack Obama issued an Executive Order (EO) on cybersecurity and a Presidential Policy Directive (PPD) on critical infrastructure security and resilience. These two actions will strengthen the security and resilience of critical infrastructure against all hazards through an updated and overarching national framework that acknowledges the increased role of cybersecurity in securing physical assets. This is a key step forward in evolving how we approach the risks we face in this new environment.
A cornerstone of this effort will be enhanced information sharing programs that will facilitate the flow of critical infrastructure information among key stakeholders. The EO expands a voluntary, cyber threat information sharing program between government and the private sector that automates the use of law enforcement and intelligence derived threat information to assist critical infrastructure owners and operators in their cybersecurity efforts. This information sharing process helps critical infrastructure entities to protect against cyber threats that could otherwise harm the systems upon which so many Americans rely. The PPD directs the executive branch to address information sharing priorities with critical infrastructure by strengthening our capability to understand and efficiently share information about how well their infrastructure systems are functioning and the consequences of potential failures.
In developing the EO and PPD, the Obama Administration sought input from industry, Congress, the privacy and civil liberties advocacy community, and others and worked to incorporate their ideas. We have also continued our engagement with the privacy and civil liberties community and remain committed to preserving citizens’ right to privacy online. We continue to believe that cybersecurity is a shared responsibility. Together, the EO and PPD create an opportunity to reinforce the need for holistic thinking about the cyber and physical security of critical infrastructure.
The American people expect us to lead in securing the country from the growing danger of cyber threats and partner with owners and operators to strengthen the security of the nation’s critical infrastructure. The cyber threats we face are real, they are serious, and they are urgent. Today’s actions are a key step towards improved security and resilience. We will continue to work with Congress to achieve this goal, and hope that these steps will lay a foundation for future discussions on how to keep our nation safe and secure for generations to come.
For more information about the Cybersecurity Executive Order and Critical Infrastructure Presidential Policy Directive, please visit here.