Experts debate expansion of president’s cybersecurity powers

Existing law gives president wide discretion in reacting to cyberattacks

Existing laws already give the president broad discretion on how to respond to cyberattacks, despite language in a Senate bill that proposes giving the president specific powers during such events, according to experts.

“The president already has emergency powers to take any action necessary to act in a national emergency,” said Jeffrey Addicott, director of the Center for Terrorism Law at St. Mary’s University School of Law. “This includes cyberspace.”

The president has that power under the National Security Strategy, Addicott said. The most recent National Security Strategy was published in 2006.

Addicott said the bill -- S.773 -- probably included the language to more clearly define how government officials expect to react to a potential threat, Addicott said. There are precedents for presidents acquiring authority in situations where they do not legally need it, he said.

“For example, all presidents can make war without congressional approval, but all presidents go to Congress to seek authorization, if not declaration of war, which was last done in World War II,” he said.

A Senate Commerce Committee staff member agreed that the president already has wide authority when responding to cyberattacks, but the bill makes it clear that the president's authority includes securing the national cyber infrastructure from attack, according to a CNET report.

The bill, introduced earlier this year and still under consideration, proposes giving the president the power to shut down and disconnect government or private computer networks or systems connected to critical infrastructures that are compromised by cyberattacks.

Some Internet companies and technology organizations oppose the presidential powers section of the bill.

Industry group TechAmerica officials said they are still reviewing the bill but do have some concerns with the proposed law.

“For example, we do note that the provision on presidential authority was modified to not specify powers to halt Internet traffic over private-sector networks and are examining the legislation to see if it reflects a true public-private partnership for addressing this issue,” said Charlie Greenwald, TechAmerica’s vice president of communications.

Limiting the president’s control to just critical infrastructures is not much of a restraint because about 85 percent of the nation’s critical infrastructures are controlled by private industry, Addicott said.

A Homeland Security Department list of critical infrastructure includes energy plants, chemical facilities, defense-related production, banks and other private entities, Addicott said.

“In my opinion, from a legal point of view the critical infrastructure should be considered a ‘commons’ and thus, the federal and state governments have an obligation to ensure that it is protected,” he said. “How far they should go in this role is open to debate.”

Since the Clinton administration, the government’s approach to cybersecurity for owners of private computer systems consisted of cooperative engagements rather than mandatory regulations, Addicott said.

“It appears that the Obama administration is taking steps towards increased regulation of private operators,” Addicott said.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.