News Stay informed about the latest enterprise technology news and product updates.

White House reportedly considering cybersecurity executive order

The White House is reportedly considering a cybersecurity executive order to push digital defense development for critical infrastructure protection.

After legislators earlier this year voted down a bill aimed at protecting U.S. computer systems from cyberattacks, President Barack Obama is reportedly considering distributing an executive order targeting cybersecurity.

The cybersecurity executive order would include provisions for digital defenses to protect critical infrastructure and the development of a council headed by the U.S. Department of Homeland Security to assess threats to those sectors, according to a draft of the order obtained by The Associated Press earlier this week. Like the Cyber Intelligence Sharing and Protection Act (CISPA) -- which was passed earlier this year by the House of Representatives before it failed in the Senate -- the cybersecurity measures would require cooperation between the public and private sector.

More on cybersecurity

Video: Cybersecurity strategy users' responsibility in dangerous online world.

Napolitano calls for cybersecurity information sharing.

The rumored cybersecurity executive order comes on the heels of comments by Department of Homeland Security Secretary Janet Napolitano at the American Society for Industrial Security International conference in Philadelphia this week. Napolitano called for increased public-private cybersecurity information sharing to protect the nation's cyberinfrastructure.

"Protecting critical infrastructure and cyberspace -- including the systems and networks that support the financial services, energy and defense industries -- requires all of us working together," Napolitano said. "From government and law enforcement to the private sector and members of the public, everyone has a role to play in protecting against cyberthreats."

In an Aug. 28 letter, Senator Dianne Feinstein (D-Calif.), chairman of the U.S. Senate Select Committee on Intelligence, encouraged President Obama to take cybersecurity action via executive order.

"I believe the time has come for you to use your full authority to protect the U.S. economy and the networks we depend on from future cyberattack," wrote Feinstein, who was a co-sponsor of the Cybersecurity Act of 2012.

From government and law enforcement to the private sector and members of the public, everyone has a role to play in protecting against cyberthreats.

Janet Napolitano, U.S. Secretary of Homeland Security

"While an executive order cannot convey protection from liability that private-sector companies may face, your administration can issue cybersecurity standards and provide technical assistance to companies willing to take voluntary steps to improve their security."

Former White House cybersecurity chief Howard Schmidt has also endorsed an executive order to secure U.S. cybernetworks.

The cybersecurity efforts outlined in the executive order would not be without critics, however. For example, the draft order also allows federal agencies to propose new cybersecurity regulations or broaden existing ones. Legislators opposed to the failed CISPA, as well as powerful business organizations such as the U.S. Chamber of Commerce, said new regulations would put an undue burden on complying businesses.

In August, conservative think tank The Heritage Foundation published a blog post that served as a pre-emptive attack on Obama's cybersecurity executive order. Blogger David Inserra wrote that the foundation agrees that cybersecurity legislation is needed, but any changes should follow proper legislative procedure.

"The legislative process ensures the debate of ideas and allows alternative ideas," Inserra wrote. "The executive order, on the other hand, eschews such open debate and instead imposes the president's will with its weaknesses unmitigated by the legislative back-and-forth."

The executive order is still in the draft stage, and could be revised before it is official. The White House has declined to comment on the cybersecurity executive order.

Let us know what you think about the story; email Ben Cole, Associate Editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

Dig Deeper on Risk management and compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.