The week's big news: The White House now has issued an executiveorder that explicitly addresses the need to step up cybersecurity defenses because it is game on and there is no apparentturning back from continued digital skirmishes with China, Iran, Russia and various other nationstate players with dreams to reign supreme in the cyber world.

The Feb. 12 order plainly stated: “Repeated cyber intrusionsinto critical infrastructure demonstrate the need for improvedcyber security. The cyber threat to critical infrastructurecontinues to grow and represents one of the most serious nationalsecurity challenges we must confront. The national and economicsecurity of the United States depends on the reliable functioningof the nation's critical infrastructure in the face of suchthreats.”

The key question for us: Are credit unions part of “the nation'scritical infrastructure?”

Pierluigi Stella,chief technology officer of Network Box USA said, “Reading theentirety of the order, one might conceive this to be more relatedto power grid, water systems, refineries and the likes. In realitythough, during his [State of the Union] speech, the president madeclear reference to the cyber threat our banking system faces. As such, one must assume that, in his mind, the banking industry atlarge is part of our critical infrastructure, and that if cybercriminals or cyber enemies were to take down our banking system, itwould have a drastic impact our national economic security.”

As for precisely what Obama said, his State of the Union cybersecurity language is here: “America must alsoface the rapidly growing threat from cyber attacks….Now, we knowhackers steal people's identities and infiltrate private e-mails.We know foreign countries and companies swipe our corporatesecrets. Now our enemies are also seeking the ability to sabotageour power grid, our financial institutions, our air traffic controlsystems. We cannot look back years from now and wonder why we didnothing in the face of real threats to our security and oureconomy.”

Which means: Yes, probably credit unions – as “financialinstitutions” – indeed are part of the “critical infrastructure”and, therefore, the White House is exhorting them to share cyberthreat information with the U.S. government.

Realistically, however, Stella cautions that no credit unionshould expect a summons from the Department of Homeland Securityanytime soon.

The nation's money center banks will get those invites andpossibly a sprinkling of the largest credit unions will too. But, at least in the early days of this cyber security campaign,most credit unions will escape the scrutiny of the executivebranch.

And do note, the executive order is clear that compliance withdisclosure requests will be “voluntary” on the part of privatesector entities.

Yet that does not mean inaction is a good idea, cautioned JerryIrvine, CEO of security firm Prescient Solutions, who stressed that“financial institutions need to get their security ducks in arow.”

Irvine worried that if details leaked out about a cyberintrusion and the financial institution appeared to be illprepared, “that could impact goodwill and reputation.”

Irvine's advice is to gear up to meet present industry bestpractices. That probably will be good enough, at least to evadecyber censure for unpreparedness, suggested Irvine.

Know however that the executive order is a kind of rough draft –“It's very vague,” shrugged Irvine. Within 240 days of itsissuance, a draft of a cyber-security framework will be releasedfor comment and within one year, a final version of the cybersecurity document will be released.

That document may of much more use in the way ofspecifics. Until then, said Irvine, a credit union thatimplements best practices can know it is doing just about the bestit could.