IDG Contributor Network: Why executive orders aren't enough to fix cybersecurity


Cybersecurity has spent a lot of time in the national spotlight over the last year, with major breaches revealed at Yahoo and the DNC, not to mention the thousands of connected devices being repurposed into botnets to take down the internet. But all this rising awareness hasn’t yet translated into serious action from lawmakers to address the new wave of cybersecurity threats, particularly in terms of application security. 

An executive order may be pending, but what I have seen from the previewed drafts so far is little more than history repeating itself. Rather than accept the work of the previous administration’s review on cybersecurity, President Obama ordered a 60-day review in order to get his own perspective. Current drafts of this executive order look like they are following the same path.

Unfortunately, identifying the vulnerabilities in our country’s infrastructure is the easy part. Making effective recommendations that organizations will be able to follow is the challenge. A general directive will do little to meet the need for a more granular approach to high-risk spaces like the application layer.

What cybersecurity legislation looks like now

The good news is that there are certain regulatory groups headed in the right direction. One such group is . It should be commended for getting the ball rolling on this front by proposing stricter cybersecurity regulations that include several standards surrounding application security.