Editor’s Note: The new cybersecurity Executive Order is attached here.
The regulatory nature of the Order was made evident in Sec. 10.b’s discussion of agencies proposing “prioritized, risk-based, efficient, and coordinated actions, consistent with Executive Order 12866…” and in the Section’s frank discussion of “cybersecurity requirements.”
The Order’s strong emphasis on use of private sector standards is very significant along with the Order’s instance on cost-effectiveness. What remains to be seen is the extent to which industry compliance with the Order provides companies with safety from regulatory and legal hazards.
Whether the Order succeeds in providing much needed improvement in protecting critical infrastructure will depend on how closely all of its provisions are adhered to and enforced.