February 14, 2013

Multiple publications interview Jamie Barnett on cybersecurity executive order

3 min

Venable partner Jamie Barnett was quoted in multiple publications on President Obama’s recent executive order on cybersecurity. The executive order aims to increase national cyber defenses in infrastructure, improve information sharing about cyberthreats, and establish a cybersecurity best practice framework. While praised by many, the executive order does lack details about what constitutes best practices, leaving that up to a collaboration between the public and private sector.

After President Obama mentioned the executive order during his State of the Union address, Admiral Barnett told the National Law Journal in a February 12, 2013 interview that “companies will want to be involved in the government's discussion about that framework of best practices, which will be hashed out in a process that may take months.” Offering advice to companies impacted by the executive order, Admiral Barnett said, “They're going to want their legal counsel on this because they don't want to be on the wrong side or have the wrong standards adopted, and they're going to want to at least have their concerns heard.”

“The main thing for companies will be to not fall asleep at the switch,” Admiral Barnett told Law360 in a February 13, 2013 interview. “The industry has practices and methods that they have already established for themselves. They'll want to make sure that those are represented and that their concerns are brought forward. This order invites a very open discussion, but it has to be a two-way discussion.”

In a February 13, 2012 interview with Government Technology, Admiral Barnett said the Department of Homeland Security and the National Institute of Standards and Technology [NIST] will work together with industry to develop the framework for cybersecurity standards. “The process run by the National Institute of Standards and Technology will incorporate the thoughts, best practices and methodologies of companies and stakeholders from every critical infrastructure sector,” Admiral Barnett said. “This process will result in voluntary industry standards, best practices and methods for cybersecurity, but in doing so, America may come to expect a level of performance for cybersecurity of each company within that sector.” Admiral Barnett noted that the NIST process is designed to solicit participation from industry and stakeholders. “And companies and associations would do well to monitor and participate in the process,” he added. Admiral Barnett also said the executive order will do not everything that is necessary and Congress must pass a full cybersecurity bill. “Everyone acknowledges that legislation will be necessary to do what is effective,” he said. “That includes providing protections for companies to share information, limitations of liability for protecting their networks, privacy protections for customers and stakeholders, addressing supply chain threats and ensuring that agencies have the authority needed to prevent and prosecute cybercrime.”

Speaking with NBC News on February 13, 2013, Admiral Barnett pointed to a recent “zombie alert” practical joke where hackers cracked the Emergency Alert System in Montana and warned citizens about attacking zombies which demonstrates a real risk to the system. “Somebody hacked in and did a very good job of making it sound real, “ Admiral Barnett told NBC News. “The problem was bad computer hygiene. [Admins] didn't change the passwords, so it was easy for someone to break into it.” Commenting on the executive order’s impact on peoples’ everyday lives, Admiral Barnett said, “For the average American, some of this will run in the background.” He added that evidence of a security breach “might show up as their computer running slow. Or maybe an individual gets contacted by their bank saying 'We need to send you a new debit or credit card because this one's been breached.’”