White House still working on cyber exec order despite renewed push for legislation

The White House is continuing to work with lawmakers and other "key players" to craft an executive order aimed at securing the country’s privately-owned critical infrastructure from cyber attacks despite the Senate Majority Leaders’ plan to hold a vote on cybersecurity legislation next month. "We have held sessions with both House and Senate staffers to ...

Wikimedia Commons
Wikimedia Commons
Wikimedia Commons

The White House is continuing to work with lawmakers and other "key players" to craft an executive order aimed at securing the country's privately-owned critical infrastructure from cyber attacks despite the Senate Majority Leaders' plan to hold a vote on cybersecurity legislation next month.

The White House is continuing to work with lawmakers and other "key players" to craft an executive order aimed at securing the country’s privately-owned critical infrastructure from cyber attacks despite the Senate Majority Leaders’ plan to hold a vote on cybersecurity legislation next month.

"We have held sessions with both House and Senate staffers to talk about actions that executive departments and agencies can take, including a possible executive order," a National Security Council spokeswoman told Killer Apps on Oct. 17. "We’re essentially, still in deliberating and consulting phase wanting to make sure that anything we put together for the president’s considerations takes into account of these key stakeholders" on Capitol Hill and in the private sector.

These comments come several days after Sen. Majority Leader Harry Reid (D-Nev.) announced that he plans to bring last summer’s cybersecurity bill sponsored by Sens. Joe Lieberman (I-Ct.) and Susan Collins (R-Maine.) to the Senate floor for a vote next month.  The bill, known as the Cyber Security Act of 2012, stalled in early August amidst objections by Republicans opposed to the minimal cyber security standards it would establish for critical infrastructure providers. Republicans claimed the security standards would be burdensome to businesses and would not be able to keep up with the ever-changing nature of cyber threats.

"Secretary Panetta has made clear that inaction is not an option," said Reid on Oct. 13. "I will bring cybersecurity legislation back to the Senate floor when Congress returns in November. My colleagues who profess to understand the urgency of the threat will have one more chance to back their words with action, and work with us to pass this bill."

While Reid acknowledged concerns of his legislative colleagues who have criticized the White House for crafting an executive order, (read more on that here) he encouraged a two-pronged approach (perhaps race is a better way to describe it) between the White House and Congress meant to quickly establish cybersecurity standards for critical infrastructure providers.

"Some of my colleagues have suggested that the President should delay further action to protect America from this threat until Congress can pass legislation," said Reid. While "cybersecurity is an issue that should be handled by Congress, but with Republicans engaging in Tea Party-motivated obstruction, I believe that President Obama is right to examine all means at his disposal for confronting this urgent national security threat."

In addition to establishing minimal security standards for banks, utilities, transportation and communications firms, Lieberman and Collins’ bill allows rapid information sharing between businesses and the government, protects businesses from lawsuits for inappropriately sharing private citizens information and it restricts the type of information that could be collected about U.S. citizens and how it could be used. 

Just yesterday, Maryland Democrat Sen. Barbara Mikulski said that a newfound sense of urgency amongst lawmakers about cyber security has increased the chances that the Lieberman-Collins bill will pass in November.

Here’s what the White House said about its executive order on Oct. 5:

We are exploring ways for Executive Branch Departments and Agencies to more effectively secure the nation’s critical infrastructure by working collaboratively with the private sector. We are considering an Executive Order (EO) as one way to improve such collaborative efforts. However, an EO is not a substitute for new legislation. While an EO doesn’t create new powers or authorities, it does set policy under existing law.

We believe that cybersecurity best practices should be developed in partnership between government and industry. For decades, industry and government have worked together to protect the physical security of critical assets that reside in private hands, from airports and seaports to national broadcast systems and nuclear power plants. There is no reason we cannot work together in the same way to protect critical infrastructure cyber systems upon which so much of our economic well-being, national security, and daily lives depend.

Our intent is to focus on and address the nation’s critical infrastructure, whose incapacitation from a cyber incident would have grave national security and economic consequences. Since most companies aren’t critical infrastructure, we are only looking at a small subset of the companies in the U.S.  We believe that companies driving cybersecurity innovations in their current practices and planned initiatives can help shape best practices across critical infrastructure. Companies needing to upgrade their security would have the flexibility to decide how best to do so using a wide range of innovative products and services available in the marketplace. We remain committed to incorporating strong privacy and civil liberties protections into any initiative to secure our critical infrastructure.

The process of developing an Executive Order will take time, as we believe that it must take into account the views of our partners in the private sector and the Congress. We have started reaching out to both the private sector and Congress and we look forward to gaining their input. Given the gravity of the threats we face in cyberspace, we want to get this right in addition to getting it done swiftly.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.
Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.

At Long Last, the Foreign Service Gets the Netflix Treatment

Keri Russell gets Drexel furniture but no Senate confirmation hearing.

Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.
Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.

How Macron Is Blocking EU Strategy on Russia and China

As a strategic consensus emerges in Europe, France is in the way.

Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.
Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.

What the Bush-Obama China Memos Reveal

Newly declassified documents contain important lessons for U.S. China policy.

A girl stands atop a destroyed Russian tank.
A girl stands atop a destroyed Russian tank.

Russia’s Boom Business Goes Bust

Moscow’s arms exports have fallen to levels not seen since the Soviet Union’s collapse.