WASHINGTON — President Barack Obama on Tuesday signed an executive order seeking better protection of the country's critical infrastructure from cyber attacks that are a growing concern to the economy and national security.
The long-expected executive order, unveiled in the State of the Union speech, follows last year's failed attempt by the U.S. Congress to pass a law to confront continuing electronic attacks on the networks of U.S. companies and government agencies.
The order, which does not have the same force as law, directs federal authorities to improve information sharing on cyber threats — including some that may be classified — with companies that provide or support critical infrastructure.
Cyber attacks in recent months targeted a succession of major U.S. companies and government agencies, adding fuel to the debate about how the government and the private sector, which runs most of the critical U.S. infrastructure, can best protect sensitive information.
Obama's order directs government officials, led by the secretary of homeland security, in the next year to create standards to reduce cybersecurity risks. The government will offer incentives to encourage companies to adopt them, but because it lacks legal enforcement power, adoption of the so-called Cybersecurity Framework will be voluntary.
To help companies protect themselves, the order also will set up a program to ease delivery of classified cyber threat information to eligible companies. It also calls for expedited security clearances for some company employees who deal with critical infrastructure.
The executive order carries no power to compel companies to reciprocate or to exchange cybersecurity information among themselves.
That is one reason why the White House hopes Congress this year will attempt to revive a cybersecurity bill that failed last year.
"This does not eliminate the need for legislation," said one senior administration official. Another official called the executive action a "down payment" on new legislation.
Last year's bill, which also included liability protection for companies, is expected to be reintroduced on Wednesday, according to its author, Republican Representative Mike Rogers, who chairs the House Intelligence Committee.
"We agree that our biggest barriers to bolster our cyber defenses can be fixed only with legislation," Rogers said earlier on Tuesday.
His legislation last year passed the House of Representatives but not the Senate, largely because of concerns about protecting private information, particularly when it comes to sharing private data with the government.
Obama's executive order requires government officials to comply with and routinely assess privacy standards and civil liberties protections.
(Reporting by Alina Selyukh; Additional reporting by Joseph Menn in San Francisco; Editing by Marilyn W. Thompson and Eric Beech)