Executive order could institute controversial cybersecurity measures

According to published reports, a purported draft executive order circulating in Washington could revive measures from the Cybersecurity Act of 2012, a bipartisan bill that failed in Congress amid partisan discord.

The draft order is said to still be undergoing revisions, but likely will involve the institution of a voluntary program for private companies operating critical infrastructure to cooperate with government-instituted standards and best practices, The Hill reported. The program would be led by the Homeland Security Department and include the Commerce and Defense departments, as well as others still being determined. While DHS would manage the program, the National Institute of Standards and Technology would work with industry in crafting the framework. 

If the idea sounds familiar, it’s because it was part of the failed cybersecurity bill spearheaded by Sen. Joe Lieberman (I-Conn.). It was also a chief concern of opponents to the bill who felt the measure would lead to the government effectively controlling private networks.

White House officials have declined to comment on any specific executive cybersecurity order that is being considered, but a spokesperson did say an order is one of several options being considered. Language in the Democratic Party platform released earlier this week also suggested the possibility.

“President Obama has supported comprehensive cybersecurity legislation that would help business and government protect against risks of cyber attacks while also safeguarding the privacy rights of our citizens,” the platform stated. “And, going forward, the president will continue to take executive action to strengthen and update our cyber defenses.”

Reports say that the draft order could be circulated to federal agencies as soon as next week, but at least one source familiar with the issue isn’t so certain.

Trey Hodgkins, TechAmerica senior vice president of global public sector government affairs, said the draft order being reported on is actually a “stale version of an update to [Homeland Security Presidential Directive 7]…that didn’t encompass all the challenges they would likely want to cover in an executive order.”

Some champions of failed cybersecurity legislation, including Sens. Jay Rockefeller (D-W.V.) and Dianne Feinstein (D-Calif.), have been vocal in their support for an executive order, writing letters to the Obama administration encouraging cybersecurity action. Richard Clarke, former presidential adviser on cybersecurity, last month wrote a blog on the Huffington Post website urging President Obama to take executive action.

“The president could let the Congressional farce continue on the issue of cyber security, with resulting inaction,” Clarke wrote. But such a lack of action “would be inconsistent with his Constitutional duty to protect the nation from significant threats. He should issue an executive order to improve our cyber defenses now.”

But others who are opposed to the bill are already sounding the alarm.

“Businesses need to speak up and let the White House and Congress know that they do not support unilateral cybersecurity requirements (even if they are couched as “voluntary”) via an Executive Order, because the issue goes to the very core of their business operations and has the potential to be extremely burdensome and costly,” Jody Westby, CEO of Global Cyber Risk, wrote in a Sept. 7 Forbes op-ed. “This kind of heavy-handed tactic satisfies a few but hurts the constituents…because it circumvents one of the most important functions of our government — the legislative process.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.