Cybersecurity — Executive Order 13636

On February 12, 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” The Executive Order is designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.

The EO tasked the National Institute for Standards and Technology (NIST) to work with the private sector to identify existing voluntary consensus standards and industry best practices and build them into a Cybersecurity Framework. The Administration recognizes that there are private-sector cyber leaders who are already implementing strong cybersecurity controls, policies, procedures and innovations, and has asked these companies to help us shape best practices across critical infrastructure. The President then directed DHS to establish a voluntary program to promote the adoption of the Framework. An organization “adopts” the Framework when it becomes a key part of its systematic process for identifying, prioritizing, addressing, managing, and/or communicating cybersecurity risks. The Framework helps improve understanding of those risks so that organizations can effectively implement real solutions that lower cyber threats. There is no “one-size-fits-all” solution to every organization’s cybersecurity problems. What is effective and appropriate for one company might not work at all for a company in a different industry. However, if companies use the Framework, our goal is that the Framework’s structure will drive them to ask the right questions and begin to implement the right solutions for their particular company and industry.

Voluntary feedback from organizations that are using DHS and government resources to enhance their cyber resilience will help DHS identify lessons learned, benefits, and ways to improve existing resources and ultimately the Framework itself. In particular, we want the Framework to be a living document, and that means it needs to keep up with the changing needs of business. The only way to do that is to ensure that we are receiving regular feedback on how the Framework is used.

Read the five things to know on the administration's priorities on cybersecurity.