Skip Links

Demise of cybersecurity bill means executive order on the way

While the expressed purpose of the order is to safeguard the nation's critical infrastructure, there are fears power will be abused

By Taylor Armerding, CSO
November 20, 2012 08:40 AM ET

CSO - The demise of the Cyber Security Act of 2012 (CSA) clears the way for President Obama to issue an executive order (EO) implementing at least some of the major elements of the bill. And some political observers say that has been Senate Majority Leader Harry Reid's endgame since the bill failed the first time in August.

Cybersecurity bill fails in Senate

By the time it came to a vote last Wednesday on whether the U.S. Senate would end debate and bring the CSA to a vote, its failure was a mere formality.

The bill, largely unchanged from when it was rejected on Aug. 2, got 51 votes -- one less than in August. The opposition was largely unchanged -- the business community opposed what it said were unnecessary and onerous regulations, and organizations like the Electronic Frontier Foundation (EFF) opposed what they said were provisions that would allow companies to "monitor our private communications and pass that data to the government."

The bare majority was mostly Democrats, joined by a few Republicans. The opposition was mainly Republican, joined by a few Democrats.

Wall Street Journal editorial said it was basically a political gamesmanship charade. Reid, the paper said, "[aborted] a bipartisan Congressional push to strengthen the nation's digital defenses. By rushing a floor vote on a cybersecurity bill in order to kill it, the Senate Majority Leader is giving political cover to White House plans to regulate the Web by bureaucratic fiat."

Rebecca Herold, CEO of The Privacy Professor, agreed that the move probably had a strategic purpose, but didn't think it was quite as malevolent as The Journal's editorial did.

"Given the expressed urgency of [Secretary of Defense Leon] Panetta and the president to address the very real cybersecurity risks, it would seem that Reid may have wanted to provide what would be perceived as ample opportunity for Congress to address the risks with some type of bill prior to doing what could then be considered as a last-resort type of move with an executive order," she said.

Whatever the motivation, the question now is when President Obama will issue an executive order to implement at least some of the major provisions of the Cyber Security Act.

Eric Chabrow reported at GovInfoSecurity that there is still some debate over it within the administration. "James Lewis, a senior fellow at the Center for Strategic and International Studies, said divisions exist within the White House on defining in the executive order exactly how the government would identify those practices and the role the Department of Homeland Security should play in implementing IT security practices," Chabrow wrote. "Once those differences are ironed out, Lewis said the president will likely issue the executive order."

[See related: Cybersecurity Act of 2012 will help us protect critical infrastructure, says Lieberman]

Reports say the order is expected to establish a cybersecurity council chaired by the Department of Homeland Security (DHS), which will develop a report to determine which agencies should regulate which parts of the nation's critical infrastructure.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News