OpRisk North America: executive order on cyber security insufficient
Author: Jessica Meek
Source: Operational Risk & Regulation
Cyber security incident sharing needs to be further developed, conference hears
The executive order released by the White House in February 2013 entitled ‘Improving Critical Infrastructure Cybersecurity‘ does not go far enough to encourage information sharing between institutions, a US Treasury official told the OpRisk North America conference in New York yesterday.
When asked about the difficulties of getting banks to share cyber security incidents because of proprietary issues, Julia Philipp, deputy director of cyber intelligence at the Department of the Treasury, told delegates that the White House’s executive order discussing information sharing on cyber security events could go further.
“While the executive order was an important step in promoting information sharing, we don’t think that it’s sufficient and we are working with members of Congress in advocating comprehensive cyber security legislation.”
Treasury was working to encourage voluntary sharing, she said, but the best solution was legislative change: “We are in favour of comprehensive cyber security legislation that would provide targeted liability protection for firms that share sensitive information with US government because we do want to encourage sharing of information.”