US President Barack Obama has finally signed a much-anticipated executive order to protect key elements of the country's critical infrastructure against cyberattacks.
Covering power plants, water utilities and other high-profile targets, the eight-page order – entitled the "Cybersecurity Framework" – is a direct response to US fears of cyberattacks from China and Iran, among others.
The idea of the order is to lay down minimum security standards for major industries in order to try to prevent huge-scale attacks that could potentially bring down vast swathes of the country's industry.
"We know hackers steal people's identities and infiltrate private email," said Obama.
"We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems," he continued.
In order for the US to avoid a scenario in which "we look back years from now and wonder why we did nothing in the face of real threats to our security and our economy", the executive order states that the government will work closely with organisations in the private sector to develop the standards voluntarily.
The National Institute of Standards and Technology is taking the lead in implementing the framework. It is expected to report back within 240 days with a complete set of guidelines.
Terry Greer-King, UK managing director for internet security company Check Point, commented on the possible wide-ranging effect of the order:
"Together with the EU cyber security plan announced last week, this is a key step forward for both governments and business in realising the need to collaborate and share intelligence to fight web attacks, and reduce their impact.
"Recent attacks such as those against the US Federal Reserve, and ‘Eurograbber', which stole over £30m from European banks, show that almost any organisation is vulnerable, no matter how well-defended they think they are. In 2012, our research found that 63 per cent of organisations were infected with bots, and UK companies reported an average of 66 new security attack attempts every week, with successful incidents costing an average of £145,000. Any move which helps to reduce these figures is very welcome," Greer-King added.