Pentagon and Reid back cyber exec order, legislation still preferred

White House efforts to draft an executive order establishing IT security standards and rules for sharing information on cyber attacks have become even more important given the Senate’s failure on Wednesday to pass cybersecurity legislation, according to several people involved in the matter. Still, sources say legislation remains critical to shoring up U.S. defenses against ...

Getty Images
Getty Images
Getty Images

White House efforts to draft an executive order establishing IT security standards and rules for sharing information on cyber attacks have become even more important given the Senate's failure on Wednesday to pass cybersecurity legislation, according to several people involved in the matter. Still, sources say legislation remains critical to shoring up U.S. defenses against a potentially crippling cyber attack.

White House efforts to draft an executive order establishing IT security standards and rules for sharing information on cyber attacks have become even more important given the Senate’s failure on Wednesday to pass cybersecurity legislation, according to several people involved in the matter. Still, sources say legislation remains critical to shoring up U.S. defenses against a potentially crippling cyber attack.

The executive order, which has reportedly been in the works for months, would be a "prudent" stopgap but "can only get us so far," a Defense Department official told Killer Apps. "Ultimately, we will need legislative action in order to get the full tools to help protect this nation."

Senior defense officials have been extremely vocal this year in pushing for cybersecurity legislation, warning that unless something is done to increase the cyber security of America’s banks, utilities, energy companies, communications providers, and transportation firms, the nation faces a "cyber Pearl Harbor."

The Cyber Security Act of 2012, drafted by Senators Joe Lieberman (I-CT) and Susan Collins  (R-ME), mandated minimum IT security standards for critical infrastructure providers, provided liability protection for businesses that share information about cyber attacks with the federal government, and restricted the information about private U.S. citizens that the government could collect. It also established the Department of Homeland Security as the lead government agency in defending U.S. critical infrastructure from cyber attack.

The bill stalled in August after Senate Republicans objected to the minimal security standards mandated in the bill, claiming they would burden businesses without protecting them from ever-evolving cyber threats.

Senate Majority Leader Harry Reid (D-NV) tried to bring the bill to the floor for a vote this month. However, that effort was rebuffed last night by Republicans who asked to insert five amendments to the bill but refused to reveal the contents of those amendments, according to Reid’s office.

"They asked for five amendments last night, and we said, ‘Sure you can have five amendments,’ as is protocol. We said, ‘What are they?’ and they [Republicans] refused to tell us what they were," a spokesman for Reid told Killer Apps. "They could just come back to us with the five amendments they want and we could get amendment agreement and bring the bill back up [right now]. Short of that, it’s hit a wall."

Sen. Minority Leader Mitch McConnell (R-KY), who blames Reid for not allowing an "open amendment" process, suggested bringing the bill back for a vote in late December, when Congress will be occupied with reaching a deal on how to reduce the deficit in order to avert massive budget cuts under the process of sequestration.

If the bill is dead for this year, as Reid has said, the Nevada senator supports the White House’s executive order as a stopgap measure despite his strong preference for the issue to be tackled by the legislative branch. "If we’re unable to act, he thinks the threat is serious enough that he would support some sort of executive [order] in the meantime, just to make sure we’re covered," said the spokesman.

Pentagon Press Secretary George Little released a statement after the bill was killed last night saying that Defense Secretary Leon Panetta was "disappointed" to learn of the bill’s failure to advance, warning that legislative inaction could have "devastating" consequences.

"Secretary Panetta was disappointed to learn that the Senate failed to move forward on the Cybersecurity Act of 2012, which would have enhanced our nation’s ability to protect itself against cyber threats, which are growing at an alarming rate," said Little. "Cyber attacks threaten to have crippling effects on America’s critical infrastructure, and on our government and private sector systems. The U.S. defense strategy calls for greater investments in cybersecurity measures, and we will continue to explore ways to defend the nation against cyber threats.  New legislation would have enhanced those efforts.  If the Congress neglects to address this security problem urgently, the consequences could be devastating."

In addition to the executive order being worked on by the White House, President Obama last month signed a classified order establishing rules that will, among other things, help government agencies determine how they will operate during offensive and defensive cyber missions.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

Russian President Vladimir Putin and Chinese President Xi Jinping give a toast during a reception following their talks at the Kremlin in Moscow on March 21.
Russian President Vladimir Putin and Chinese President Xi Jinping give a toast during a reception following their talks at the Kremlin in Moscow on March 21.

Can Russia Get Used to Being China’s Little Brother?

The power dynamic between Beijing and Moscow has switched dramatically.

Xi and Putin shake hands while carrying red folders.
Xi and Putin shake hands while carrying red folders.

Xi and Putin Have the Most Consequential Undeclared Alliance in the World

It’s become more important than Washington’s official alliances today.

Russian President Vladimir Putin greets Kazakh President Kassym-Jomart Tokayev.
Russian President Vladimir Putin greets Kazakh President Kassym-Jomart Tokayev.

It’s a New Great Game. Again.

Across Central Asia, Russia’s brand is tainted by Ukraine, China’s got challenges, and Washington senses another opening.

Kurdish military officers take part in a graduation ceremony in Erbil, the capital of Iraq’s Kurdistan Region, on Jan. 15.
Kurdish military officers take part in a graduation ceremony in Erbil, the capital of Iraq’s Kurdistan Region, on Jan. 15.

Iraqi Kurdistan’s House of Cards Is Collapsing

The region once seemed a bright spot in the disorder unleashed by U.S. regime change. Today, things look bleak.