US president Barack Obama is considering issuing an executive order that will force companies that are part of the nation’s critical infrastructure to improve their cyber security skills.
US Congress recently failed to pass a bill supported by Obama that would have seen voluntary cyber security standards implemented by critical infrastructure companies. Now it seems the president may push through similar laws anyway.
Speaking to the US Council on Foreign Relations, White House homeland security adviser John Brennan said: "One of the things that we need to do in the executive branch is to see what we can do to maybe put additional guidelines and policies in place under executive branch authority."
"I mean if the Congress is not going to act then the president wants to make sure that we are doing everything possible," he said.
According to Reuters no further details on timings or specifics were offered but sources confirmed the idea was being considered by president Obama.
Brennan said that such an order would be a "good vehicle" to help the US protect its critical national infrastructure, such as power stations and water supplies. He added that the US is already facing a severe threat from cyber attacks.
The US is of course no stranger to cyber attacks targeting critical national infrastructure, both as a victim and aggressor. It was revealed recently that the US was behind the Stuxnet virus, which attacked nuclear facilities in Iran. It is also believed the US was behind the Flame malware, which targeted nations across the Middle East and gathered any intelligence it could find, such as emails and IM conversations.
Security companies have often spoken about the cyber threat to critical national infrastructure. James Lyne of Sophos told CBR last year that attacks on the computer systems at power plants and other infrastructure would increase.
