The much-anticipated executive order titled “Improving Critical Infrastructure Cybersecurity” was recently unveiled by the White House. As much praise as the President’s order garnered, there are still many unknowns about how the order impacts not just healthcare but all major industries in the United States. In the era of HIPAA, HITECH, SOX and another dozen regulatory security compliance acronyms, how should the order be regarded? As potential, nothing more.
To understand what the executive order means and doesn’t mean, we have to break it down into its two primary components: information sharing and a security framework. Of these two, the information-sharing piece is the one that could yield real benefit in the present. This part of the order requires the federal government to report cybersecurity threats to private industry in a timely manner, if these threats are labeled as unclassified. The value of this kind of knowledge to a company in the crosshairs is enormous. However, the classification is a big IF, so don’t expect your friendly neighborhood federal agent to routinely call you every time there is a threat on the horizon.