Obama poised to issue executive order — sources
The White House last year was rumored to be considering an executive order after Congress failed to push through legislation to protect the system. The measure would have set up a special cybersecurity council under the Department of Homeland Security and included voluntary standards for companies and regulations covering especially vital systems (E&E Daily, Sept. 12, 2012).
The executive order could outline standards to protect companies overseeing critical infrastructure like power plants and the grid, but it’s doubtful the order will be extremely detailed, industry sources said.
Administration officials have said in recent months that an executive order alone will not solve the problem.
“An executive order is not magical; it does not create new power or authority for any government agencies,” Andy Ozment, the White House’s senior director for cybersecurity, said at a National Association of Regulatory Utility Commissioners conference last week (Greenwire, Feb. 6).
Administration officials have forcefully pushed for legislation, specifically last year’s S. 3414 from then-Sen. Joseph Lieberman (I-Conn.) and Sen. Susan Collins (R-Maine). That bill would have created voluntary standards for private operators of critical infrastructure such as the electric grid and water plants and offered incentives for companies that met them.
The U.S. Chamber of Commerce staunchly opposed the Lieberman-Collins bill, though, contending that the standards were voluntary in name only and would have become a back door to new regulations. GOP senators twice filibustered the bill last year.
House Intelligence Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) plan to reintroduce their “Cyber Intelligence Sharing and Protection Act” tomorrow. CISPA was passed by the House last year but received a veto threat from the administration and stalled in the Senate. The bill is aimed at boosting classified information sharing between the federal government and the private sector. It would also provide liability protection for companies that choose to protect their own networks or share threat information.