Obama, in his annual State of the Union speech to a joint session of the US Congress, said his executive order would "strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs and our privacy." The president also urged Congress to pass legislation "to give our government a greater capacity to secure our networks and deter attacks." The executive order (PDF) calls for voluntary reporting of threats to US infrastructure, such as power grids, pipelines and water systems. The directive, which follows two failed attempts in Congress to pass cybersecurity legislation, allows the government to lead an information-sharing network but stops short of making mandatory the reporting of cyber threats.
House Homeland Security Chairman Michael McCaul said he was "concerned that the order could open the door to increased regulations that would stifle innovation, burden businesses and fail to keep pace with evolving cyber threats."
Leslie Harris of the Center for Democracy & Technology welcomed the directive, arguing it "says that privacy must be built into the government's cybersecurity plans and activities, not as an afterthought but rather as part of the design."
White House officials noted that the measure would not apply to consumer-based services or information systems that do not meet the standard of "critical infrastructure." But the director of George Mason University's Technology Policy Program Jerry Brito said in a tweet that "top-down regulation is the last thing that will improve cybersecurity."