Posts tagged Executive Order
Executive Order on Improving Critical Infrastructure Cybersecurity
RELATED STORY: Obama’s Private Army and FEMA Detention Camps
The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country’s private, civilian-run infrastructure.
As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks.
Under last month’s White House executive order on cybersecurity, the scans will be driven by classified information provided by U.S. intelligence agencies — including data from the National Security Agency (NSA) — on new or especially serious espionage threats and other hacking attempts. U.S. spy chiefs said on March 12 that cyber attacks have supplanted terrorism as the top threat to the country.
The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.
DHS as the middleman
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency’s eavesdropping.
The telecom companies will not report back to the government on what they see, except in aggregate statistics, a senior DHS official said in an interview granted on condition he not be identified.
“That allows us to provide more sensitive information,” the official said. “We will provide the information to the security service providers that they need to perform this function.” Procedures are to be established within six months of the order.
The administration is separately seeking legislation that would give incentives to private companies, including communications carriers, to disclose more to the government. NSA Director General Keith Alexander said last week that NSA did not want personal data but Internet service providers could inform the government about malicious software they find and the Internet Protocol addresses they were sent to and from.
“There is a way to do this that ensures civil liberties and privacy and does ensure the protection of the country,” Alexander told a congressional hearing.
Fears grow of destructive attack
In the past, Internet traffic-scanning efforts were mainly limited to government networks and Defense Department contractors, which have long been targets of foreign espionage.
But as fears grow of a destructive cyber attack on core, non-military assets, and more sweeping security legislation remained stalled, the Obama administration opted to widen the program.
Last month’s presidential order calls for commercial providers of “enhanced cybersecurity services” to extend their offerings to critical infrastructure companies. What constitutes critical infrastructure is still being refined, but it would include utilities, banks and transportation such as trains and highways.
Under the program, critical infrastructure companies will pay the providers, which will use the classified information to block attacks before they reach the customers. The classified information involves suspect Web addresses, strings of characters, email sender names and the like.
Not all the cybersecurity providers will be telecom companies, though AT&T is one. Raytheon said this month it had agreed with DHS to become a provider, and a spokesman said that customers could route their traffic to Raytheon after receiving it from their communications company.
As the new set-up takes shape, DHS officials and industry executives said some security equipment makers were working on hardware that could take classified rules about blocking traffic and act on them without the operator being able to reverse-engineer the codes. That way, people wouldn’t need a security clearance to use the equipment.
Civil liberties implications
The issue of scanning everything headed to a utility or a bank still has civil liberties implications, even if each company is a voluntary participant.
Lee Tien, a senior staff attorney with the nonprofit Electronic Frontier Foundation, said that the executive order did not weaken existing privacy laws, but any time a machine acting on classified information is processing private communications, it raises questions about the possibility of secret extra functions that are unlikely to be answered definitively.
“You have to wonder what else that box does,” Tien said.
One technique for examining email and other electronic packets en route, called deep packet inspection, has stirred controversy for years, and some cybersecurity providers said they would not be using that. In deep packet inspection, communication companies or others with network access can examine all the elements of a transmission, including the content of emails.
“The signatures provided by DHS do not require deep packet inspection,” said Steve Hawkins, vice president at Raytheon’s Intelligence and Information Systems division, referring further questions to DHS.
The DHS official said the government is still in conversations with the telecom operators on the issue. The official said the government had no plans to roll out any such form of government-guided close examination of Internet traffic into the communications companies serving the general public. source – NBC News
Will 2013 be the year that the American people were finally disarmed?
Vice President Joe Biden revealed that President Barack Obama might use an executive order to deal with guns.
RELATED STORY: Barack Hussein Obama and the Rise Of Hitler
“The president is going to act,” said Biden, giving some comments to the press before a meeting with victims of gun violence. “There are executives orders, there’s executive action that can be taken.
We haven’t decided what that is yet. But we’re compiling it all with the help of the attorney general and the rest of the cabinet members as well as legislative action that we believe is required.”
Biden said that this is a moral issue and that “it’s critically important that we act.”
Biden talked also about taking responsible action. “As the president said, if you’re actions result in only saving one life, they’re worth taking. But I’m convinced we can affect the well-being of millions of americans and take thousands of people out of harm’s way if we act responsibly.”
RELATED STORY: 13 Similarities Between Obama And Hitler
Biden, as he himself noted, helped write the Brady bill.
Eric Holder was scheduled to be at the meeting that’s currently take place at the White House. source – Weekly Standard
Senate Republicans recently blocked cybersecurity legislation, but the issue might not be dead after all. The White House hasn’t ruled out issuing an executive order to strengthen the nation’s defenses against cyber attacks if Congress refuses to act.
“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed,” White House Press Secretary Jay Carney said in an emailed response to whether the president is considering a cybersecurity order.
“Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that,” Carney said.
The White House has emphasized that better protecting vital computer systems is a top priority.
The administration proposed its own legislation package in 2011, sent officials to testify at 17 congressional hearings and presented more than 100 briefings on the issue. In a recent Wall Street Journal op-ed, President Obama warned that a successful cyber attack on a bank, water system, electrical grid or hospital could have devastating consequences.
The president urged Congress to pass the Cybersecurity Act, which was offered by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine). The bill would have encouraged private companies and the government to share information about cyber threats and would have required critical infrastructure operators to meet minimum cybersecurity standards.
But Senate Republicans, led by Sen. John McCain (R-Ariz.), worried the bill would burden businesses with unnecessary and ineffective regulations.
The bill’s sponsors watered down the regulatory provisions, replacing the security mandates with voluntary incentives, but that wasn’t enough to win over Republicans. The bill mustered 52 votes in the Senate, well short of the 60 needed to overcome a filibuster.
If Obama issues an order on cybersecurity, it wouldn’t be the first time that his administration has resorted to executive action to bypass Congress.
Obama uses the slogan “we can’t wait” to argue that some issues are too important to be allowed to stall in Congress.
When lawmakers refused to pass the Dream Act to give legal status to students brought to the country illegally, the administration announced that it would stop deporting young immigrants who would have been eligible to stay under the bill.
Jim Lewis, a senior fellow at the Center for Strategic and International Studies, explained that Obama could enact many of the core provisions of the Cybersecurity Act through executive order.
Many companies managing vital computer systems are already heavily regulated. Lewis said the president could order agencies to require the industries they regulate to meet cybersecurity standards.
“You don’t need new legislative authority to do that,” Lewis said.
He noted that some regulatory agencies, including the Federal Communications Commission and the Nuclear Regulatory Commission, are independent and not bound to follow executive orders. But Lewis predicted that even the independent agencies would likely enforce an executive order on cybersecurity.
Lewis said the Office of Management and Budget is already working on security standards for federal computer systems, and said those guidelines could form the basis of standards for the private sector.
Lewis acknowledged that the provisions of the Cybersecurity Act that would have torn down legal barriers to information-sharing would have to be enacted by Congress. Although those provisions were the ones most strongly supported by the business community, Lewis expressed skepticism that they would do much to improve cybersecurity anyway.
“You can have them or don’t have them. Who cares,” he said.
But Lewis said that an executive order could even partially address information-sharing. The FCC, for example, has set up a voluntary system for companies to share information about cyber threats with each other, he said.
An executive order may accomplish many of the goals of the Cybersecurity Act, but it could also further raise the ire of Republicans and the business groups, such as the U.S. Chamber of Commerce, who lobbied against the legislation.
Republicans have already accused President Obama of making illegal power grabs with his previous executive actions, and a cybersecurity order would likely elicit similar howls of disapproval.
Although Sen. Collins was frustrated by the defeat of her bill, she reacted coolly to the idea of the president bypassing Congress.
“I’m not for doing by executive order what should be done by legislation,” she said.
Sen. Dianne Feinstein (D-Calif.), one of the main co-sponsors of the Cybersecurity Act, said she prefers that Congress address the problem, but she is open to presidential action if Congress fails.
“I suppose if we can’t, the answer would be yes,” she said when asked whether she would support an executive order. source – The Hill
Executive Order — Assignment of National Security and Emergency Preparedness Communications Functions
EXECUTIVE ORDER – Signed July 6, 2012
- – - – - – -
ASSIGNMENT OF NATIONAL SECURITY AND
EMERGENCY PREPAREDNESS COMMUNICATIONS FUNCTIONS
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
Section 1. Policy. The Federal Government must have the ability to communicate at all times and under all circumstances to carry out its most critical and time sensitive missions. Survivable, resilient, enduring, and effective communications, both domestic and international, are essential to enable the executive branch to communicate within itself and with: the legislative and judicial branches; State, local, territorial, and tribal governments; private sector entities; and the public, allies, and other nations. Such communications must be possible under all circumstances to ensure national security, effectively manage emergencies, and improve national resilience. The views of all levels of government, the private and nonprofit sectors, and the public must inform the development of national security and emergency preparedness (NS/EP) communications policies, programs, and capabilities.
Sec. 2. Executive Office Responsibilities.
Sec. 2.1. Policy coordination, guidance, dispute resolution, and periodic in-progress reviews for the functions described and assigned herein shall be provided through the interagency process established in Presidential Policy Directive-1 of February 13, 2009 (Organization of the National Security Council System) (PPD-1).
Sec. 2.2. The Director of the Office of Science and Technology Policy (OSTP) shall: (a) issue an annual memorandum to the NS/EP Communications Executive Committee (established in section 3 of this order) highlighting national priorities for Executive Committee analyses, studies, research, and development regarding NS/EP communications;
(b) advise the President on the prioritization of radio spectrum and wired communications that support NS/EP functions; and
(c) have access to all appropriate information related to the test, exercise, evaluation, and readiness of the capabilities of all existing and planned NS/EP communications systems, networks, and facilities to meet all executive branch NS/EP requirements.
Sec. 2.3. The Assistant to the President for Homeland Security and Counterterrorism and the Director of OSTP shall make recommendations to the President, informed by the interagency policy process established in PPD-1, with respect to the exercise of authorities assigned to the President under section 706 of the Communications Act of 1934, as amended (47 U.S.C. 606). The Assistant to the President for Homeland Security and Counterterrorism and the Director of OSTP shall also jointly monitor the exercise of these authorities, in the event of any delegation, through the process established in PPD-1 or as the President otherwise may direct.
Sec. 3. The NS/EP Communications Executive Committee.
Sec. 3.1. There is established an NS/EP Communications Executive Committee (Executive Committee) to serve as a forum to address NS/EP communications matters.
Sec. 3.2. The Executive Committee shall be composed of Assistant Secretary-level or equivalent representatives designated by the heads of the Departments of State, Defense, Justice, Commerce, and Homeland Security, the Office of the Director of National Intelligence (DNI), the General Services Administration, and the Federal Communications Commission, as well as such additional agencies as the Executive Committee may designate. The designees of the Secretary of Homeland Security and the Secretary of Defense shall serve as Co-Chairs of the Executive Committee.
Sec. 3.3. The responsibilities of the Executive Committee shall be to: (a) advise and make policy recommendations to the President, through the PPD-1 process, on enhancing the survivability, resilience, and future architecture of NS/EP communications, including what should constitute NS/EP communications requirements;
(b) develop a long-term strategic vision for NS/EP communications and propose funding requirements and plans to the President and the Director of the Office of Management and Budget (OMB), through the PPD-1 process, for NS/EP communications initiatives that benefit multiple agencies or other Federal entities;
(c) coordinate the planning for, and provision of, NS/EP communications for the Federal Government under all hazards;
(d) promote the incorporation of the optimal combination of hardness, redundancy, mobility, connectivity, interoperability, restorability, and security to obtain, to the maximum extent practicable, the survivability of NS/EP communications under all circumstances;
(e) recommend to the President, through the PPD-1 process, the regimes to test, exercise, and evaluate the capabilities of existing and planned communications systems, networks, or facilities to meet all executive branch NS/EP communications requirements, including any recommended remedial actions;
(f) provide quarterly updates to the Assistant to the President for Homeland Security and Counterterrorism and the Director of OSTP, through the Co-Chairs, on the status of Executive Committee activities and develop an annual NS/EP communications strategic agenda utilizing the PPD-1 process;
(g) enable industry input with respect to the responsibilities established in this section; and
(h) develop, approve, and maintain a charter for the Executive Committee.
Sec. 4. Executive Committee Joint Program Office.
Sec. 4.1. The Secretary of Homeland Security shall establish an Executive Committee Joint Program Office (JPO) to provide full-time, expert, and administrative support for the Executive Committee’s performance of its responsibilities under section 3.3 of this order. Staff of the JPO shall include detailees, as needed and appropriate, from agencies represented on the Executive Committee. The Department of Homeland Security shall provide resources to support the JPO. The JPO shall be responsive to the guidance of the Executive Committee.
Sec. 4.2. The responsibilities of the JPO shall include: coordination of programs that support NS/EP missions, priorities, goals, and policy; and, when directed by the Executive Committee, the convening of governmental and nongovernmental groups (consistent with the Federal Advisory Committees Act, as amended (5 U.S.C. App.)), coordination of activities, and development of policies for senior official review and approval.
Sec. 5. Specific Department and Agency Responsibilities.
Sec. 5.1. The Secretary of Defense shall: (a) oversee the development, testing, implementation, and sustainment of NS/EP communications that are directly responsive to the national security needs of the President, Vice President, and senior national leadership, including: communications with or among the President, Vice President, White House staff, heads of state and government, and Nuclear Command and Control leadership; Continuity of Government communications; and communications among the executive, judicial, and legislative branches to support Enduring Constitutional Government;
(b) incorporate, integrate, and ensure interoperability and the optimal combination of hardness, redundancy, mobility, connectivity, interoperability, restorability, and security to obtain, to the maximum extent practicable, the survivability of NS/EP communications defined in section 5.1(a) of this order under all circumstances, including conditions of crisis or emergency;
(c) provide to the Executive Committee the technical support necessary to develop and maintain plans adequate to provide for the security and protection of NS/EP communications; and
(d) provide, operate, and maintain communication services and facilities adequate to execute responsibilities consistent with Executive Order 12333 of December 4, 1981, as amended.
Sec. 5.2. The Secretary of Homeland Security shall: (a) oversee the development, testing, implementation, and sustainment of NS/EP communications, including: communications that support Continuity of Government; Federal, State, local, territorial, and tribal emergency preparedness and response communications; non-military executive branch communications systems; critical infrastructure protection networks; and non-military communications networks, particularly with respect to prioritization and restoration;
(b) incorporate, integrate, and ensure interoperability and the necessary combination of hardness, redundancy, mobility, connectivity, interoperability, restorability, and security to obtain, to the maximum extent practicable, the survivability of NS/EP communications defined in section 5.2(a) of this order under all circumstances, including conditions of crisis or emergency;
(c) provide to the Executive Committee the technical support necessary to develop and maintain plans adequate to provide for the security and protection of NS/EP communications;
(d) receive, integrate, and disseminate NS/EP communications information to the Federal Government and State, local, territorial, and tribal governments, as appropriate, to establish situational awareness, priority setting recommendations, and a common operating picture for NS/EP communications information;
(e) satisfy priority communications requirements through the use of commercial, Government, and privately owned communications resources, when appropriate;
(f) maintain a joint industry-Government center that is capable of assisting in the initiation, coordination, restoration, and reconstitution of NS/EP communications services or facilities under all conditions of emerging threats, crisis, or emergency;
(g) serve as the Federal lead for the prioritized restoration of communications infrastructure and coordinate the prioritization and restoration of communications, including resolution of any conflicts in or among priorities, in coordination with the Secretary of Defense when activities referenced in section 5.1(a) of this order are impacted, consistent with the National Response Framework. If conflicts in or among priorities cannot be resolved between the Departments of Defense and Homeland Security, they shall be referred for resolution in accordance with section 2.1 of this order; and
(h) within 60 days of the date of this order, in consultation with the Executive Committee where appropriate, develop and submit to the President, through the Assistant to the President for Homeland Security and Counterterrorism, a detailed plan that describes the Department of Homeland
Security’s organization and management structure for its NS/EP communications functions, including the Government Emergency Telecommunications Service, Wireless Priority Service, Telecommunications Service Priority program, Next Generation Network Priority program, the Executive Committee JPO, and relevant supporting entities.
Sec. 5.3. The Secretary of Commerce shall: (a) provide advice and guidance to the Executive Committee on the use of technical standards and metrics to support execution of NS/EP communications;
(b) identify for the Executive Committee requirements for additional technical standards and metrics to enhance NS/EP communications;
(c) engage with relevant standards development organizations to develop appropriate technical standards and metrics to enhance NS/EP communications;
(d) develop plans and procedures concerning radio spectrum allocations, assignments, and priorities for use by agencies and executive offices;
(e) develop, maintain, and publish policies, plans, and procedures for the management and use of radio frequency assignments, including the authority to amend, modify, or revoke such assignments, in those parts of the electromagnetic spectrum assigned to the Federal Government; and
(f) administer a system of radio spectrum priorities for those spectrum-dependent telecommunications resources belonging to and operated by the Federal Government and certify or approve such radio spectrum priorities, including the resolution of conflicts in or among such radio spectrum priorities during a crisis or emergency.
Sec. 5.4. The Administrator of General Services shall provide and maintain a common Federal acquisition approach that allows for the efficient centralized purchasing of equipment and services that meet NS/EP communications requirements. Nothing in this section shall be construed to impair or otherwise affect the procurement authorities granted by law to an agency or the head thereof.
Sec. 5.5. With respect to the Intelligence Community, the DNI, after consultation with the heads of affected agencies, may issue such policy directives and guidance as the DNI deems necessary to implement this order. Procedures or other guidance issued by the heads of elements of the Intelligence Community shall be in accordance with such policy directives or guidelines issued by the DNI.
Sec. 5.6. The Federal Communications Commission performs such functions as are required by law, including: (a) with respect to all entities licensed or regulated by the Federal Communications Commission: the extension, discontinuance, or reduction of common carrier facilities or services; the control of common carrier rates, charges, practices, and classifications; the construction, authorization, activation, deactivation, or closing of radio stations, services, and facilities; the assignment of radio frequencies to Federal Communications Commission licensees; the investigation of violations of pertinent law; and the assessment of communications service provider emergency needs and resources; and
(b) supporting the continuous operation and restoration of critical communications systems and services by assisting the Secretary of Homeland Security with infrastructure damage assessment and restoration, and by providing the Secretary of Homeland Security with information collected by the Federal Communications Commission on communications infrastructure, service outages, and restoration, as appropriate.
Sec. 6. General Agency Responsibilities. All agencies, to the extent consistent with law, shall: (a) determine the scope of their NS/EP communications requirements, and provide information regarding such requirements to the Executive Committee;
(b) prepare policies, plans, and procedures concerning communications facilities, services, or equipment under their management or operational control to maximize their capability to respond to the NS/EP needs of the Federal Government;
(c) propose initiatives, where possible, that may benefit multiple agencies or other Federal entities;
(d) administer programs that support broad NS/EP communications goals and policies;
(e) submit reports annually, or as otherwise requested, to the Executive Committee, regarding agency NS/EP communications activities;
(f) devise internal acquisition strategies in support of the centralized acquisition approach provided by the General Services Administration pursuant to section 5.4 of this order; and
(g) provide the Secretary of Homeland Security with timely reporting on NS/EP communications status to inform the common operating picture required under 6 U.S.C. 321(d).
Sec. 7. General Provisions. (a) For the purposes of this order, the word “agency” shall have the meaning set forth in section 6.1(b) of Executive Order 13526 of December 29, 2009.
(b) Executive Order 12472 of April 3, 1984, as amended, is hereby revoked.
(c) Executive Order 12382 of September 13, 1982, as amended, is further amended by striking the following language from section 2(e): “in his capacity as Executive Agent for the National Communications System”.
(d) Nothing in this order shall be construed to impair or otherwise affect:
(i) the authority granted by law to an agency, or the head thereof; or
(ii) the functions of the Director of the OMB relating to budgetary, administrative, or legislative proposals.
(e) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(f) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
BARACK OBAMA source – WhiteHouse.gov