Feb 11, 2013 Comments Off on Sources: Obama To Bypass Congress, Make Cybersecurity Law By Issuing Executive Order Wednesday Spit Stixx
Excerpted from The Hill: The White House is poised to release an executive order aimed at thwarting cyberattacks against critical infrastructure on Wednesday, two people familiar with the matter told The Hill.
The highly anticipated directive from President Obama is expected to be released at a briefing Wednesday morning at the U.S. Department of Commerce, where senior administration officials will provide an update about cybersecurity policy.
The executive order would establish a voluntary program in which companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government.
Observers are expecting the president to briefly mention the need for the country to improve its defenses against cyberattacks during his State of the Union address on Tuesday.
White House press secretary Jay Carney declined Monday to say whether the president would discuss cybersecurity during his Tuesday address to Congress, saying the president believes that it’s
“a very important issue.”
“It represents a huge challenge for our country. He has called on Congress to take action. Unfortunately, Congress has thus far refused legislatively,” Carney said at a press briefing with reporters. “But I don’t have any previews to provide.”
During last year’s address, the president made a brief mention about the cybersecurity legislative blueprint that his administration put forward in May 2011.
The White House began crafting the executive order after Congress failed to pass cybersecurity legislation last year. Officials said the threat facing the United States was too great for the administration to ignore and that it needed to take action as Congress grappled with passing a bill.
During his second term, the president is expected to exert his executive power on issues such as climate change, and it appears that cybersecurity is also on that list.
Yet administration officials have also stressed that the executive order is not a substitute for cybersecurity legislation, which is needed to protect the country’s water plants, electric grid and other critical infrastructure from cyberattacks.
They note that an executive order cannot, unlike congressional legislation, grant new powers or authorities to federal agencies or departments.
“We need comprehensive cybersecurity legislation,” Andy Ozment, a senior director for cybersecurity at the White House, said at a conference in Washington last week. “We cannot do everything under our existing authorities.”
White House Cybersecurity Coordinator Michael Daniel, Commerce Department Deputy Secretary Rebecca Blank, Department of Homeland Security Deputy Secretary Jane Lute and National Security Director Gen. Keith Alexander will be among the officials participating in Wednesday’s briefing, according to details obtained by The Hill.
A White House spokeswoman declined to comment on the timing of the executive order.
It has been revised several times over the past few months and would also encourage agencies to share intelligence about cyber threats with companies that operate critical infrastructure.
Over the past few months, the White House has engaged in outreach efforts to industry groups, think tanks, companies and advocacy groups to solicit feedback on what should and should not be included in the order.
A leaked copy of the draft order this fall revealed that the White House had incorporated some changes into the order that were an attempt to smooth over concerns that the high-tech industry had raised.
The White House began work on the executive order after the Senate failed to pass a sweeping cybersecurity bill by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Calif.). The bill included a measure aimed at improving information-sharing about cyber threats between government and industry.
However, it also had a more controversial provision that would encourage companies that operate critical infrastructure to adopt cybersecurity best practices and standards into their computer networks.