Cybersecurity’s New ‘Order’


WASHINGTON — Cybersecurity has returned to the capital’s to-do list, but the high-profile move of a long-awaited executive order from President Obama does not appear to pose an imminent hurdle to cable operators’ ability to respond to cyber threats — or to hurt their businesses.

Obama last week signed his long-telegraphed executive establishing a framework for cybersecurity guidelines and greater government sharing of threat information with affected parties. He made it clear that the framework was voluntary, which will be key for cable operators and other Internet-service provider, and will be a year or more in the making at that.

The language is sufficiently broad that industry players could live with it, so long as it remains entirely voluntary, a source familiar with industry lobbying on the issue said.

The framework is billed as a “set of standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks.” It makes compliance voluntary and says the framework shall “incorporate voluntary consensus standards and industry best practices to the fullest extent possible.”

The “voluntary” part has been the main sticking point with Democratic cybersecurity legislation that included proposed guidelines. Both Democrats and Republicans agree that cybersecurity threats are a growing problem that legislation can help address. Democrats backed a bill to establish voluntary guidelines, but Republicans argued those would morph into mandates and steadfastly stuck to their own bill, which focuses on information sharing and liability protection for companies that share that data with the government and each other.

The National Cable & Telecommunications Association was sounding a cooperative note in its statement on the order. “We share the administration’s desire to improve our nation’s cyber defenses by promoting better collaboration between public and private sectors and will work constructively through the [executive order] process to focus on solutions that promote shared responsibility and avoid unnecessary regulatory entanglements,” the trade group said.

While the order cleared the way for the government to share more threat information with private companies, the NCTA remains concerned about protecting the flow of information in the other direction.

“We firmly hope that such action will not delay congressional action to extend appropriate liability protections that are needed to facilitate the sharing of key information about cyber threats and to encourage providers to act appropriately in monitoring and responding to cyber threats,” the NCTA said.