Executive order on cyberattacks anticipated Wednesday

The order is meant to protect critical industries and infrastructure by sharing information about attacks, and may eventually lead to legislation.

WASHINGTON — President Barack Obama plans to release a long-awaited executive order aimed at improving the nation's defenses against cyberattacks as early as Wednesday, according to sources familiar with the matter.

The order, drawn up after Congress failed to pass cyberdefense legislation last year, is meant to improve the protection of critical industries and infrastructure from cyberintrusions.

Concerns about cyberattacks, which have hit a succession of major U.S. companies and government agencies in recent months, also could be raised by Obama in his annual State of the Union address to Congress on Tuesday evening.

RELATED: Energy Department hit by cyberattack

INFORMATION SHARING

One of the White House's major goals is to improve information-sharing about attacks among private companies, and between companies and the government.

"Our biggest issue right now is getting the private sector to a comfort level so they can report anomalies, malware, incidents within their network" without undue fear of being "outed" as victims, said FBI Executive Assistant Director Richard McFeely, head of the Criminal, Cyber, Response and Services Branch.

The order is expected to give the Department of Homeland Security the lead role in protecting critical U.S. infrastructure, according to a government official who had seen a final draft of the order's executive summary.

DHS will be tasked with setting up a system for sharing cyberthreats with private industry and will be responsible for protecting critical infrastructure, the official said. Most of the critical U.S. infrastructure is run by private industry.

"We know the executive order isn't going to go as far as legislation could or will go, but it's a good start," the official said.

Some Republicans had wanted the Department of Defense to play the lead role instead of DHS.

Cybersecurity experts say the executive order — which does not have the same force as a law — is a step in the right direction and indicates President Obama takes the problem seriously.

RELATED: Rumor: President Obama has power to launch secret cyberattacks

'DOWN PAYMENT ON LEGISLATION'

"I think this can fairly be described as a down payment on legislation," said Stewart Baker, former National Security Agency general counsel and a past assistant secretary for policy at the Department of Homeland Security

Stewart said he thought the executive order would make a difference in policy and practical terms, "but whether it will provide practical protection from cyberattacks is still in doubt."

The executive order will make it easier for people at private companies to get security clearances so classified information can be shared, according to earlier drafts that were leaked and posted online.

It will also make companies work with the National Institute of Standards and Technology to come up with sector-specific standards for cybersecurity, and will then require companies to engage with their regulators to decide how those standards are implemented.

"Companies aren't going to, at first, be required to do anything. These are voluntary standards, except for a few critical infrastructure companies," said James Lewis, senior fellow at the Center for Strategic and International Studies.

"If you're regulated, the regulator will be able to say, 'Here are some new standards.' If you're not regulated you won't be touched at all."

Reporting by Steve Holland, Deborah Charles and Joseph Menn. Writing by Warren Strobel.

——

MSN News on Facebook and Twitter

Stay up to date on breaking news and current events.

Friend us on Facebook: www.facebook.com/news.msn

Follow us on Twitter: www.twitter.com/msnnews