President May Issue Executive Order On Cybersecurity


President Obama reportedly is drafting an executive order aimed at addressing the vulnerability of the nation's critical infrastructure to cyberattacks. The move essentially would be a work-around to the Cybersecurity Act of 2012, which was defeated in the Senate last month by Republicans who felt that the terms were too restrictive on business. In addition, some civil libertarian groups felt that the bill threatened privacy protections.

The Associated Press reportedly has obtained a draft copy of the president's proposed order, which apparently would establish a new counsel to oversee cybersecurity for the nation's critical infrastructure, under the Department of Homeland Security.

The panel likely would be made up of representatives from a number of government agencies, including the Department of Commerce's National Institute of Standards and Technology, the Department of Defense and the Department of Justice. It would be called upon to issue a report on the various threats to and vulnerabilities of the nation's critical infrastructure and make recommendations for their protection. These recommendations could include adjustments to current regulations, or the addition of new ones. More government agencies, as well as the business community, likely would be called upon to participate in the process.

A variety of experts have warned that much of the nation's critical infrastructure, including the power grid, gas pipelines and water supply and transportation systems, are controlled by systems that predate adequate information security. Or, the experts have said, the infrastructure has other flaws that make it highly vulnerable to attack by the range of sophisticated, weapons-grade malware now available to nation-states and, potentially, terrorist organizations or other groups.

 

[Related: Cybersecurity Bill Fails in Senate]

While the validity of these concerns is widely acknowledged, there is substantial disagreement among lawmakers, and the political parties, as to the best way to mitigate the threat.

Sen. Dianne Feinstein sent a letter to President Obama last month urging him to move forward with an executive mandate.

"I strongly agree with your recent comments that urgent action is needed to defend U.S. government and private sector computer networks from cyberattack and espionage," she wrote. "Because our critical infrastructure, our financial hubs, and our ability to defend the Nation are at risk, we must take action to address these vulnerabilities as soon as possible. I therefore urge you to issue an Executive Order, or take other appropriate action, to advance the cybersecurity of our Nation’s critical infrastructure."

Meanwhile, the conservative Heritage Foundation opposes such a move. A blog by its Heritage Network, posted shortly after the bill was defeated, reads, in part, as follows:

"While we agree that reforms and improvements in cybersecurity are needed, it is important that we prudently consider the intended and unintended effects of any piece of legislation. The legislative process ensures the debate of ideas and allows alternative ideas. The executive order, on the other hand, eschews such open debate and instead imposes the President’s will with its weaknesses unmitigated by the legislative back-and-forth."

NEXT: Retaliation for Stuxnet?