On Feb. 12, 2013, the president issued the Executive Order for Improving Critical Infrastructure Cybersecurity (a.k.a., Executive Order 13636).
The move is geared to encourage information-sharing between government and industry when it comes to defending against threats to critical infrastructure. “We know hackers steal people’s identities and infiltrate private email," Obama noted in that evening's State of the Union address. "We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems.”
In accordance with Section 8(e) of Executive Order 13636, within 120 days of its issue, the "General Services Administration and the Department of Defense, in consultation with the Department of Homeland Security and the Federal Acquisition Regulation Council, are required to make recommendations on the feasibility, security benefits and relative merits of incorporating security standards into acquisition planning and contract administration, and address what steps can be taken to harmonize, and make consistent, existing procurement requirements related to cybersecurity," the GSA noted. That's a long way of saying that initial recommendations for implementing standards around cybersecurity purchases as part of the umbrella mission to improve the nation's security posture.
"Collaboration and cooperation allows government to deliver critical services to our federal partners and most importantly, the American people," said GSA acting administrator Dan Tangherlini, in an announcement. “The RFI is an important first step to a public-private partnership that will help secure our nation's infrastructure. Developing these cybersecurity procurement recommendations is a priority for GSA and the interagency working group."
“Public outreach is a critically important activity for implementation of the Executive Order,” the GSA noted, and will take “broad stakeholder involvement. Issued in partnership with a federal cybersecurity interagency working group, this RFI is one of the first steps to comply with the mandate to work on improving acquisition cybersecurity policy, implementation and consistency to better manage risks.
Stakeholder input will contribute to the final recommendations report to be issued in the early summer. Since the issuance of the Executive Order in February, the interagency working group has collected feedback from hundreds of stakeholder representatives at dozens of forums in industry, academia and federal, state and local government, the GSA said. This feedback was taken into consideration as the team finalized the RFI.
GSA and the interagency working group will continue to solicit stakeholder participation throughout the process.