There have been various efforts to create a cyber-security measure that could garner enough bipartisan support to pass both chambers of Congress, but all have failed. Senate Intelligence Chairwoman Dianne Feinstein of California is now urging the president to implement cyber-security measures without congressional approval, by way of an executive order.
Feinstein made the recommendation to President Obama in a letter sent on Tuesday, wherein she articulated fears that Congress would not pass cybersecurity legislation this year. According to Feinstein, there has been no indication that a compromise will be reached. Instead, Feinstein implores Obama to use his powerful position to circumvent Congress altogether and prepare an executive order that would protect the critical infrastructure.
“While efforts to reach consensus continue, I fear that the Congress will be unable to pass meaningful cybersecurity legislation this year. Therefore, I believe the time has come for you to use your full authority to protect the U.S. economy and the networks we depend on from future cyber attack[s],” Feinstein wrote. “While an executive order cannot convey protection from liability that private sector companies may face, your administration can issue cybersecurity standards and provide technical assistance to companies willing to take voluntary steps to improve their security.”
She also encouraged the President to direct the Department of Homeland Security and other intelligence agencies to share “as much information as possible to the private sector about cyber threats, including classified information.”
“These are meaningful, if limited, steps that can be taken now,” she said. “The threats to our national and economic security are simply too great to wait for legislation.”
Sadly, Feinstein’s recommendation is not the first of its kind. Senator Jay Rockefeller of West Virginia asked Obama to consider a similar step earlier this month in a letter he addressed to the White House.
“[B]ecause it is very unclear whether the Senate will come to agreement on cybersecurity legislation in the near future, I urge you to explore and employ every lever of executive power that you possess to protect this country from the cyber threat,” Rockefeller wrote in a letter to Obama. “We must act to address our cyber vulnerabilities as soon as possible and many components of the Cybersecurity Act are amenable to implementation via executive order, normal regulatory processes, or other executive action under the authorities of the Homeland Security Act.”
Rockefeller wrote. “This cyber threat is unprecedented and we need an innovative and cooperative approach between the private sector and the federal government to protect the country from it.”
And according to White House chief counter-terrorism adviser John Brennan, the Obama administration has already been considering an executive order for cybersecurity after the Cybersecurity Act of 2012 failed to pass in the Senate. According to that bill’s sponsors, Senators Joe Lieberman and Susan Collins, the bill would have protected the electric grid, water systems, financial networks and transportation systems from the threat of cyber attacks. Critics of the Cybersecurity Act of 2012 bemoaned the bill’s voluntary standards, lack of incentives associated with those standards, and the potential it creates for too much government and military involvement.
As noted by The Hill:
GOP senators and the U.S. Chamber of Commerce fought hard against Lieberman’s bill, arguing it would open a back door for the government to saddle industry with new regulations. They claimed that voluntary cybersecurity standards outlined in the bill would end up becoming new security rules that industry would be mandated to follow.
“While [the voluntary standards] sound appealing on its face, a government-administered program would shift during the implementation phase from being standards based and flexible in concept to being overly prescriptive in practice,” Ann M. Beauchesne, the Chamber of Commerce’s vice president of national security and emergency preparedness, said in a statement.
After the measure failed to pass in the Senate, the Obama administration indicated that the country “cannot wait” and threatened to issue an executive order to implement cybersecurity standards.
“Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that,” said White House Press Secretary Jay Carney in an e-mail to The Hill.
Brennan stated that a cybersecurity executive order would closely resemble the previous cybersecurity bills that have failed to pass in Congress.
In an op-ed piece written by President Obama for the Wall Street Journal, Obama stated that the nation needs greater cybersecurity. In the piece, Obama painted a rather bleak picture of the damage that can be expected in the event a cyber attack were to take place.
“In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities at home,” he wrote. “Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we’ve seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.”
Similar fear-provoking language was utilized by Senator Lieberman to advocate for the passage of the Cybersecurity Act of 2012
The threat is extremely dire,” Lieberman said. “I am literally worried that an attack could be imminent. We know that both states, countries like China, Russia and Iran are constantly probing our cyber networks, both government and private, and both civilian and defense.
“We know that countries and terrorist groups and organized crime groups are constantly trying to steal industrial secrets form American companies that they’ve invested millions in, sometimes billions in, to basically get it for nothing and then create those industries and jobs over in other countries.
But even members of Congress who have supported some of the cybersecurity bills that have failed do not condone the notion of forcing a measure without congressional scrutiny.
“I’m not for doing by executive order what should be done by legislation,” said Senator Susan Collins, who helped sponsor the Cybersecurity Act of 2012.
Photo: Sen. Diane Feinstein (D.-Calif.) (with Sen. Joseph Liebermann [I-Conn.] behind her) speaks about cybersecurity