Obama May Issue Cybersecurity Executive Order, Aide Says
The president could issue an executive order on cybersecurity, an aide said Wednesday. Also that day, Rep. Ed Markey, D-Mass., asked President Barack Obama to issue an order to secure the electrical power system from cyberattacks. John Brennan, assistant to the president for homeland security and counter-terrorism, suggested that the White House was considering such an option. The Senate last week failed to vote on the Cybersecurity Act (S-3414). Republicans filibustered against it on GOP and business concerns it would give the federal government too much control through the Department of Homeland Security over what companies could do to protect computers and networks (CD Aug 2 p4).
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
"We worked very hard to try to push forward and advance the cybersecurity provisions that were included in the Lieberman-Collins bill [S-3414] that unfortunately did not advance last week,” Brennan said in a speech Wednesday at the Council on Foreign Relations. “So what are the implications? Well, one of the things that we need to do in the executive branch is to see what we can do to do maybe put additional sort of guidelines or policies in place under executive branch authorities. I mean, if the Congress is not going to act on something like this, then the president wants to make sure that we're doing everything possible.”
"If Congressional Republicans insist on fully entrusting the safety of our grid to a utility industry that is ill-equipped to adequately and uniformly respond to threats and vulnerabilities that are of paramount importance to national security, then you can and must take action to mitigate these threats and vulnerabilities to the extent possible by executive order,” Markey wrote (http://xrl.us/bnjxss). S-3414 would have encouraged U.S. utility companies to voluntarily adopt cybersecurity standards in return for liability protections.
Lead author of S-3414, Sen. Joe Lieberman, I-Conn., urged Obama to issue a cybersecurity executive order if Congress fails to act. “I still hope that Congress will pass cybersecurity legislation,” Lieberman said. “But if Congress cannot get its act together to protect our nation from the real, urgent, and growing threat of cyber attack, then the President must do everything he can by executive order. The problem is there are some things we should do to defend ourselves from cyber attack that can only be done by statute."
S-3414 sponsor Sen. Dianne Feinstein, D-Calif., still “hopes the Senate bill is reconsidered when Congress returns,” her spokeswoman said. S-3414 remains on the Senate calendar due to a procedural motion by Senate Majority Leader Harry Reid, D-Nev., who immediately moved to reconsider the bill following last week’s cloture vote.
Rep. Mary Bono Mack, R-Calif., is opposed to any sort of cybersecurity executive order, her spokesman said. “She still believes there’s a chance to reach a compromise on cybersecurity legislation before year’s end.” Bono Mack sponsored the House version of the SECURE IT Act (HR-4263), an alternative cybersecurity bill that encourages cyberthreat information sharing between the private and public sector.
The Chamber of Commerce also opposed an executive order, which it said would actually make the nation less secure from cyberthreats. “An executive order would be counterproductive and would cut short the proper legislative process, which needs to continue,” Matthew Eggers, senior director of national security and emergency preparedness, said by email. “The U.S. Chamber supports passing a smart and effective bill. However, a new executive order would cast aside legitimate industry concerns and could trigger actions that hinder greater public-private collaboration,” he said. “An executive order makes clear the administration’s intent to put a mandatory program into place to regulate businesses. While it may sound appealing on the surface, a mandatory program would not automatically lead to greater security -- just the opposite. A mandatory program would undermine public-private collaboration and shift businesses’ focus from improving security to complying with red tape.”