Napolitano: Cybersecurity legislation preferred over exec order

Here’s your midweek update on the push from the White House and Congress to establish minimal cybersecurity standards for banks, energy firms, transportation companies and communications businesses — frequently called critical infrastructure providers by the government. While Senate Majority Leader Harry Reid (D-Nev.) has said he plans to call for a vote on the Cyber ...

Wikimedia Commons
Wikimedia Commons
Wikimedia Commons

Here's your midweek update on the push from the White House and Congress to establish minimal cybersecurity standards for banks, energy firms, transportation companies and communications businesses -- frequently called critical infrastructure providers by the government.

While Senate Majority Leader Harry Reid (D-Nev.) has said he plans to call for a vote on the Cyber Security Act of 2012 next month, the White House is still circulating a draft of its executive order -- or "EO" -- on cybersecurity to businesses that it would affect in an effort to get their feedback.

"In light of the failure of the Congress to be able to pass legislation this past year, in part, because we recognize given the severity and urgency of the situation we can't simply wait if Congress cannot act," Homeland Security Secretary Janet Napolitano said after an Oct. 25 speech about cybersecurity at the Center for Strategic and International Studies. "One of the things that's happening now is outreach into the private sector and other stakeholders to look at it and get some feedback before any EO would be issued if there is, ultimately, that decision."

Here’s your midweek update on the push from the White House and Congress to establish minimal cybersecurity standards for banks, energy firms, transportation companies and communications businesses — frequently called critical infrastructure providers by the government.

While Senate Majority Leader Harry Reid (D-Nev.) has said he plans to call for a vote on the Cyber Security Act of 2012 next month, the White House is still circulating a draft of its executive order — or "EO" — on cybersecurity to businesses that it would affect in an effort to get their feedback.

"In light of the failure of the Congress to be able to pass legislation this past year, in part, because we recognize given the severity and urgency of the situation we can’t simply wait if Congress cannot act," Homeland Security Secretary Janet Napolitano said after an Oct. 25 speech about cybersecurity at the Center for Strategic and International Studies. "One of the things that’s happening now is outreach into the private sector and other stakeholders to look at it and get some feedback before any EO would be issued if there is, ultimately, that decision."

Still, senior administration officials maintain that they would like to lose this race to lawmakers. During questions after her speech today Napolitano echoed the White House and Defense Department’s argument that legislation is key to protecting the nation’s critical infrastructure from cyber attack.

"If you ask me what concerns me the most, is that in an interconnected world, where infrastructure is concerned you could have entities that are doing a really good job, but it only takes one or two to create a gap in the system and then the gap can have a domino effect," said Napolitano. "That’s why having legislation, I think in the end, is going to be absolutely necessary to make sure we have [a set of uniform] best practices that are incorporated in the core infrastructure of the country."

Napolitano added that while legislation is a better way to deal with securing critical infrastructure than an executive order, the lame-duck Congress will have plenty on its plate when it returns in mid-November, including trying to reach a deficit reduction deal to avoid the massive government spending cuts that are scheduled to take effect in January.

The White House is keeping a tight lid on the details of its executive order, saying only that it will take a "collaborative" approach with businesses and lawmakers in developing cybersecurity "best practices" for critical infrastructure providers. Any such order will have strong privacy and civil liberties protections in place, according to the White House. In addition to establishing best practices, the order may provide a means for rapid information sharing about cyber threats between businesses and the government.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.
A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.

Lessons for the Next War

Twelve experts weigh in on how to prevent, deter, and—if necessary—fight the next conflict.

An illustration showing a torn Russian flag and Russian President Vladimir Putin.
An illustration showing a torn Russian flag and Russian President Vladimir Putin.

It’s High Time to Prepare for Russia’s Collapse

Not planning for the possibility of disintegration betrays a dangerous lack of imagination.

An unexploded tail section of a cluster bomb is seen in Ukraine.
An unexploded tail section of a cluster bomb is seen in Ukraine.

Turkey Is Sending Cold War-Era Cluster Bombs to Ukraine

The artillery-fired cluster munitions could be lethal to Russian troops—and Ukrainian civilians.

A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol  January 8, 2009 in Washington.
A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol January 8, 2009 in Washington.

Congrats, You’re a Member of Congress. Now Listen Up.

Some brief foreign-policy advice for the newest members of the U.S. legislature.