Skip Links

Executive order would not allow 'meaningful leap' on cybersecurity

Sidestepping Congress would not allow comprehensive change, but would give 'enough meat to set some standards,' says one expert

By Taylor Armerding, CSO
September 05, 2012 07:55 AM ET

CSO - President Obama is being urged by members of Congress to bypass the legislative body after its failure to pass cybersecurity legislation over the summer.

Failure to pass cybersecurity act leaves us all at risk

Sen. Dianne Feinstein (D-Calif.), who chairs the Senate Intelligence Committee, called on Obama in an open letter last week to issue an executive order for government agencies and critical infrastructure owners to implement better controls to protect their computer networks.

There is plenty of precedent for such action. The President has bypassed Congress with executive orders more than 130 times. Among the most notable were his creation of a version of the Dream Act. Also, he declared that the federal government would no longer enforce the federal Defense of Marriage Act. His mantra, at these times: "We can't wait."

Sen. Feinstein and others, including Sen. Jay Rockefeller (D-W. Va.), who made a similar request in a letter to the White House last month, argue we cannot wait on cybersecurity.

The White House said after Congress failed to pass the Cybersecurity Act of 2012 that the President was considering implementing some of the goals of that bill by executive order 

"Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today's cyber threats and we will do that," White House Press Secretary Jay Carney said at the time.

The President does not have the authority to include everything that had been proposed in the Cybersecurity Act, as Rockefeller acknowledges. A voluntary program in the bill would have offered incentives, such as government assistance to operators of critical infrastructure who meet federal security standards, when they are confronted with a cyberthreat.

[In depth: Organized cybercrime revealed]

A presidential executive order could not include those incentives, but Rockefeller wrote that "many components of the Cybersecurity Act are amenable to implementation via executive order, normal regulatory processes, or other executive action under the authorities of the Homeland Security Act."

Jacob Olcott, a principal at Good Harbor Consulting, said by the time the Cybersecurity Act came to a vote, it had been stripped of most of its more controversial provisions in an effort to gain Republican support.

"The president can't create new regulations for industries that aren't already regulated," he said. "But he could expand existing regulatory systems."

Olcott added that the things the president can do are in the areas where there has been general agreement between the parties. "The idea of the executive order is that it's a way to start moving in a direction -- a way to formalize a lot of the policies [the parties] had informally agreed on."

Joel Harding, a retired military intelligence officer and information operations expert, said it is likely that an executive order would please neither party, for different reasons. "But at least it provides some serious updates to the 2003 Presidential Directive on Cybersecurity," he said. "There will be enough meat to set some standards but not enough to make a meaningful leap in cybersecurity."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News