Factory Automation
Batch Processing
Process Automation
Packaging Automation
On the Edge
Download this free 97-page Batch Process Playbook loaded with industry expert advice on topics ranging from control systems, instrumentation, and industrial networks to energy management, security, and system upgrades.

Executive Order on Cyber Security, Smart but Too Vague

Print Reprint
FILED IN:  Security
President Obama’s executive order aims to facilitate information sharing on cyber security issues for critical infrastructure dependent on industrial control systems. Many believe its vague implications will limit its impact but agree it is a step in the right direction.

The cyber security executive order signed this week by President Barack Obama is a road paved with good intentions, but some fear that its vagueness will limit its impact. However, experts agree that its voluntary nature is the right approach.

The order aims to increase information sharing between government and private entities in regard to the cyber security of critical infrastructure including power plants and financial, transportation and communications systems. It calls for the development of a framework of best practices via the National Institute of Standards and Technology (NIST).

For industrial control systems (ICS), this may be a small step in the right direction, according to Joel Langill of SCADAhacker. However, the order is very broad in its coverage, as it blankets all “systems and assets, whether physical or virtual. Exactly how this would translate into what actually is implemented regarding security controls within ICS is not obvious and therefore will probably not make much impact on owners and operators of critical infrastructure in its initial phase,” Langill says.

Because the order does not appear to address the role of control system vendors or manufacturers, “this could be a significant oversight” representing a hurdle to improving resilience to cyber threats, Langill says.

The executive order does not set forth any minimum standards for how infrastructure should be protected, as any such act would require Congressional approval. The Obama administration made an attempt to pass such legislation last year and failed when Republicans intervened. If the legislation had passed, it would have given the Department of Homeland Security (DoHS) the authority to enforce security standards of equipment running critical infrastructure, The New York Times reports.

Langill adds that DoHS does not possess the knowledge base to provide any value to owners or operators because it tends to focus on matters of national security.

Eric Byres, CTO and co-founder of the Tofino Security division at Belden Inc., says that any attempt by the government to play “traffic cop” would be futile because the laws would be obsolete before they could be implemented. Byres adds that facilitating the sharing of information and increasing access to resources is the best the government can do beyond holding all companies accountable for negligence.

The final draft of the executive orders is anticipated within a year. During the interim, NIST will seek public input from organizations interested in participating in cyber security workshops over the next several months.

All this hard work, however, might not pay off in the long run, according to  Langill, who explains that orders such as these could easily be nullified by the next administration. In spite of that, he says the order could still serve to clarify existing regulations and lead to better ICS security overall.

Read the Full Executive Order.

FILED IN: Security


Don't miss intelligence crucial to your job and business!
Click on any newsletter to view a sample. Enter your email address below to sign up!
Each newsletter ranges in frequency from once per month to a few times per month at most.
IT Delivers on Automation’s Promise
E-Book Special Report
IT Delivers on Automation’s Promise

Sign up to receive timely updates from the editors at Automation World and download this FREE Special Report on the transformative power of data in manufacturing. By integrating information and automation technologies, manufacturers are finally achieving major gains in productivity from their automated systems.