Executive Order 13636: Improving Critical Infrastructure Cybersecurity, Department of Homeland Security Integrated Task Force, Incentives Study Analytic Report
"In February 2013, the President signed Executive Order (EO) 13636, 'Improving Critical Infrastructure Cybersecurity,' and Presidential Policy Directive (PPD)-21, 'Critical Infrastructure Security and Resilience.' That same day, President Obama warned in his State of the Union Address: 'America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people's identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.' The policies set forth in these directives are intended to strengthen the security and resilience of critical infrastructure against evolving threats and hazards, while incorporating strong privacy and civil liberties protections into every cybersecurity initiative. These documents call for an updated and overarching national Framework that reflects the increasing role of cybersecurity in securing physical assets. […] EO 13636 and PPD-21 are intended to strengthen the security and resilience of critical infrastructure through an updated and overarching national Framework that acknowledges the increased role of cybersecurity in securing physical assets. The government and the private sector have a mutually shared interest in ensuring the viability of critical infrastructure, and the provision of essential services, under all conditions. Critical infrastructure owners and operators are often the greatest beneficiary of investing in their own security, and they have a social responsibility to adopt best practices for cybersecurity. However, the private sector may be justifiably concerned about the return on security investments that may not yield immediately measurable benefits.
Effective incentives can help the private sector justify the costs of improved cybersecurity by balancing the short-term costs of additional investment with similarly near-term benefits."
U.S. Department of Homeland Security: http://www.dhs.gov/