President Donald Trump may be seeking more cooperation from private businesses to shore up the defense of critical infrastructure that they control.
The signing of an executive order on cybersecurity was canceled unexpectedly Tuesday, but a draft of the order was leaked to The Washington Post.
In it, Trump calls for, “…economic and other incentives to: induce private sector owners and operators of the Nation’s critical infrastructure to maximize protective measures; invest in cyber enterprise risk management tools and services; and adopt best practices with respect to processes and technologies necessary for the increased sharing of and response to real-time cyber threat information.”
The draft also calls for new laws to encourage protecting critical infrastructure, which includes vital systems that, if destroyed, would harm national security, economic security, and public health and safety.
Within 60 days, recommendations would be due from a committee spelled out by the order. It designates the participants by job title, and some of those positions haven’t been filled yet. They are: Secretary of Defense Jim Mattis, Secretary of Homeland Security John Kelly, the Director of National Intelligence, the Assistant to the President for National Security Affairs Michael Flynn and the Assistant to the president for Homeland Security and Counterterrorism Tom Bossert.
The order says that currently, executive departments tasked with protecting government networks and critical infrastructure don’t have “legal authority adequate to succeed in their missions.” It calls for recommendations to give them that authority.
Getting private entities to share intelligence information has been a tricky process. President Obama signed the Cybersecurity Information Sharing Act (CISA) at the end of 2015, but it didn’t result in massive sharing. It encouraged private businesses to report cyber incidents by reducing their legal liability if someone chose to accuse them of negligence in allowing the incidents to occur in the first place. It also called for the information shared to be gathered by the Department of Homeland Security and anonymized before it was shared elsewhere.
Participation was voluntary.