While there is no question that better information sharing is needed, across the industry and between private sectors and the government, to combat the increasing threat of cyberattacks and espionage, it is unclear that the EO and the ensuing framework and programs will change the game significantly.
The EO actually does a couple of good things: It authorizes government agencies to share classified and unclassified threat and technical information with critical infrastructure owners and operators and allows for the expedited processing of security clearances to personnel within these entities.
Even though the bill may contain provisions that are problematic, it opens the door for business to ask Congress to limit the reach of the EO and PPD-21 by requiring all cybersecurity regulations to be specifically authorized by Congress.