Related Articles

IMBERLY DOZIER and LOLITA C. BALDOR, Associated Press WASHINGTON (AP) — The Obama administration is weighing plans to use its executive power to press U.S. businesses to better protect critical industries from potentially crippling computer attacks, after Congress failed to pass such legislation last week.
President Barack Obama may use his authority to issue orders compelling or encouraging private industry to meet minimum security standards to protect their computer networks from attacks by hackers or foreign governments, White House counterterrorism adviser John Brennan said Wednesday.
“One of the things that we have to do in the executive branch is to see what we can do to maybe put additional … guidelines or policy in place under executive branch authorities,” Brennan told the Council on Foreign Relations. “If the Congress is not going to act on something like this, then the president is going to do everything possible.”
His comments reflect escalating U.S. worries about the persistent computer network probes, attacks and industrial espionage that already have stolen billions of dollars in high-tech data from U.S. companies and could eventually shut down critical water or power plants.
A fierce lobbying effort by businesses and the U.S. Chamber of Commerce stalled legislation in the Senate, even after authors revised the bill so that it called for voluntary participation by companies, rather than creating new regulations and mandates.
Brennan said the White House was looking at possible additional guidelines or changes in policy, but he did not indicate whether such measures would require industry participation or use incentives to encourage voluntary action.
“We’re going to keep pushing on the Congress, but we’re also going to do what we can under executive branch authorities,” he said.
The Senate cyberattack legislation initially had given the federal government new authority to require businesses to protect their networks, but there was widespread opposition to the idea of expanding federal regulatory powers during tough economic times.
The revised bill offered incentives, such as liability protection and technical assistance, to businesses that voluntarily participated in a government-managed computer security program. Industry associations and groups would be involved in developing the standards needed to blunt the risks of computer attacks, according to the revised legislation.
Industry groups, however, said voluntary standards would lead to mandates. The U.S. Chamber of Commerce and other congressional Republicans support a competing bill drafted by Sen. John McCain, R-Ariz., that is similar to legislation passed by the House in late April. Those bills are focused only on the sharing of threat information between the federal government and private sector. The White House threatened to veto the House bill, however, over concerns the bill didn’t do enough to protect privacy rights.
“I think the administration is seriously frustrated over the lack of congressional action and may decide they have no choice” but to act administratively, said Roger Cressey, who served as a cybersecurity and counterterrorism adviser in the Clinton and George W. Bush administrations.
Cressey, now a senior vice president at the Booz Allen Hamilton consulting firm, said the administration was weighing a number of options, including offering incentives, such as liability protection, to entice industry to opt-in to voluntary computer security standards. He said there likely would be more conversations about the issue after Congress returns in September before the White House takes any action.
Senate leaders have said they will take another stab at passing the computer security bill in September. But at least one of the bill’s authors, Sen. Susan Collins, R-Maine, voiced concern about the impact of White House action.
“Given the threat, I understand the administration’s desire to act, but an executive order should not be a substitute for legislative action,” Collins said. “I am deeply disappointed that the Senate failed to pass our bipartisan bill before the August recess, but it remains imperative that this Congress address this issue. An executive order could send the unintended signal that congressional action is not urgently needed.”

Political Cartoons

See the latest editorial cartoons on President Obama.

Copyright © 2012 U.S.News & World Report LP All rights reserved.
Use of this Web site constitutes acceptance of our Terms and Conditions of Use and Privacy Policy.

White House may use executive order to protect key computer networks

* Cyber security bill failed to advance in U.S. Senate
* Chamber of Commerce says order would ‘cast aside’ concerns
* Concerns on privacy, over-regulation have weighed against
By Jasmin Melvin
WASHINGTON, Aug 8 (Reuters) – The White House is exploring whether to issue an executive order to protect the nation’s critical computer infrastructure following Congress’ failure to act earlier this month, White House homeland security adviser John Brennan said Wednesday.
Brennan was not explicit as to the timing, content or certainty of such an order, but he and other sources made it clear it was being actively discussed.
“One of the things that we need to do in the executive branch is to see what we can do to maybe put additional guidelines and policies in place under executive branch authority,” Brennan said in remarks to the Council on Foreign Relations.
“I mean if the Congress is not going to act … then the president wants to make sure that we are doing everything possible,” Brennan said.
Asked specifically whether he was referring to executive orders, Brennan said such orders from the president would be a “good vehicle” to direct government agencies to take action “to make sure the nation is protected.”
A White House aide later said President Barack Obama had not actually signed such an order but it was something that was under consideration.
Brennan’s comments, and similar suggestions earlier this month by White House press secretary Jay Carney, follow an August 2 procedural vote in the Senate that all but doomed a cyber security bill endorsed by President Obama as well as current and former national security officials from both Republican and Democratic administrations.
The legislation was among the most heavily lobbied of the past session by both critics and supporters, with battle lines that crossed party boundaries and divided the business commmunity. The Silicon Valley Leadership Group, representing more than 375 companies, tended to favor it, for example, while IBM did not.
The Senate bill had already been softened to meet objections of both business interests and privacy advocates.
Among other things, it would have created voluntary cyber security standards for critical infrastructure companies, and let b u sinesses and government share information to allow them to better assess and anticipate threats to computer systems that operate water, energy and other utilities.
CHAMBER OF COMMERCE OPPOSITION
The U.S. Chamber of Commerce made it one of its “key votes” on which it will judge members of Congress, saying it was yet another burdensome form of government regulation that would be ineffective.
Legal experts believe some elements of the Senate bill could in fact be implemented by executive order.
“The president can say we can’t wait, and I’m going to do what Congress can’t and protect the American people from cyber attacks,” said Stewart Baker, a former senior official at the Department of Homeland Security and now a cyber security expert at the law firm Steptoe and Johnson.
“In an election year, that sounds like a pretty promising approach,” Baker said.
An executive order, Baker said, could call on the Department of Homeland Security to encourage critical infrastructure facilities to adopt voluntary standards as part of the agency’s current authority over cyber security.
The White House could not enforce the standards, he said, but neither would legislation as the Senate stripped enforcement provisions from its bill to appeal to the Chamber of Commerce.
Responding to the prospect of an executive order, Matthew Eggers, senior director of National Security and Emergency Preparedness at the Chamber, said it “would be counterproductive and would cut short the proper legislative process, which needs to continue.”
“A new order,” he added, “would cast aside legitimate industry concerns and could trigger actions hindering greater public-private collaboration.”
Eggers also said it would “not automatically lead to greater security; just the opposite.”
The legislation would have allowed companies and the government to share information about hacking, which would be more difficult to do through an order, Baker said.
It also offered liabiliy protections as an incentive to companies to adopt the standards.
Baker suggested an executive order could provide such incentives through repurposing the SAFETY Act, a current law that limits the legal liability of companies hit by acts of terrorism that have government-approved anti-terrorism products and services in place.
PRIVACY GROUPS OPPOSED BILL
Privacy groups also opposed the Senate bill and are credited with influencing six Democrats who voted alongside Republicans to block Senate Majority Leader Harry Reid’s attempt to avert a filibuster of the bill.
These groups saw too many threats to privacy and civil liberties in the legislation, particularly provisions that would allow companies to monitor private communications and pass that data to the government.
Rainey Reitman, activism director at the Electronic Frontier Foundation, said “our primary concerns” with the legislation involved the information-sharing sections.
“As far as I know, Obama won’t attempt to address information sharing with an executive order,” she said. “If Obama wants to issue an executive order that doesn’t implicate civil liberties or overstep the authority of the executive branch, then we have no criticism of that.”
While some senators have said they will try again in September to get a bill passed, most analysts see little chance of both Houses acting before the 112th Congress comes to an end in January.
Republicans have repeatedly blasted Obama for wielding his executive powers to make what they consider end runs around Congress. Most recently, they criticized the administration’s decision to adjust immigration policies in order to shield young illegal immigrants from deportation.