The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.

Skip to Content

The White House Issues an Executive Order on Cybersecurity

During the State of the Union address, President Obama announced that he had signed and issued an Executive Order on cybersecurity.  

The Executive Order calls for cooperation and information sharing between the private sector and government. It sets forth a variety of requirements for regulatory agencies intended to improve the nation’s readiness for cyber threats and to protect critical infrastructure. 

The Executive Order gives the Secretary of Homeland Security 150 days to identify critical infrastructure where a cyber incident “could reasonably result in a debilitating impact on national security, national economic security, or national public health and safety.” 

Within 240 days, the National Institute of Standards and Technology (NIST) must publish a framework to reduce cyber risks to critical infrastructure and the framework shall:

  • create a set of standards that aligns policy, business, and technology to address cyber risks
  • identify areas that need improvement and that can benefit from public and private collaborations
  • include guidance for measuring performance
  • be consistent with international standards
  • include industry best practices and voluntary consensus standards

A final version of the NIST framework must be completed by February 2014. 

While this Executive Order, like any other, is directed at federal agencies, its impact on the private sector and non-governmental organizations cannot be overlooked.  Any business or organization regulated by a U.S. federal agency must understand that the government is broadening its reach in the cybersecurity space and that increased scrutiny of cybersecurity programs and breach response is a given. 

So, if you are a bank, hospital, energy provider, or think your business might fall within the “critical infrastructure,” be aware that this Executive Order exists, and will affect your business. 

Carlton Fields is monitoring the developments surrounding this Executive Order and will keep an eye on how the federal agencies implement its guidance. If you have any questions about this Executive Order or cybersecurity legal issues in general, please feel free to contact us.

Authored By
Related Practices
Cybersecurity and Privacy
©2024 Carlton Fields, P.A. Carlton Fields practices law in California through Carlton Fields, LLP. Carlton Fields publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information and educational purposes only, and should not be relied on as if it were advice about a particular fact situation. The distribution of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship with Carlton Fields. This publication may not be quoted or referred to in any other publication or proceeding without the prior written consent of the firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our Contact Us form via the link below. The views set forth herein are the personal views of the author and do not necessarily reflect those of the firm. This site may contain hypertext links to information created and maintained by other entities. Carlton Fields does not control or guarantee the accuracy or completeness of this outside information, nor is the inclusion of a link to be intended as an endorsement of those outside sites.