WASHINGTON – President Obama issued a proclamation Monday making October National Cyber Security Awareness Month. But with cyber security proposals stuck in Congress, the Obama administration is moving to do more than create an awareness month.
“We are very cognizant that in some industries there exist already regulatory authorities that can be used for cyber security,” Homeland Security Secretary Janet Napolitano said at the National Journal’s Cyber Security Summit. “What we want to do is make sure that the core critical infrastructure of the country protects itself.”
The draft order obtained by AP picks up many of the Cyber Security Act’s pieces, from protections placed on vital infrastructure systems (the definition of which proved a sticking point for the Senate proposal), voluntary standards for private companies, and a Homeland Security Department council with representatives from various departments to assess and report on cyber security threats.
The order follows calls for Obama to act from a number of co-sponsors of the Cyber Security Act, including Sens. Dianne Feinstein (D-Calif.), Jay Rockefeller (D-W.Va.) and Barbara Mikulski (D-Md.).
The White House itself unintentionally underscored the importance of cyber security, confirming this week that it was the target of an attempted attack on an unclassified network, described as a “spear-phishing” incident by spokesman Jay Carney.
“The executive order is a big mistake. First of all, the executive order cannot grant the liability protections that are needed in order to encourage more participation by the private sector, so the executive order simply cannot accomplish what legislation can,” Collins said during a discussion at the Wilson Center in Washington, D.C., on Monday. “In addition, an executive order is not lasting, and it doesn’t reflect a consensus by Congress on what should be done.”
And a contingent of Republican senators, including John McCain (R-Ariz.), Saxby Chambliss (R-Ga.) and Kay Bailey Hutchison (R-Texas), sent a letter to Obama on Tuesday asking for the president to work through Congress, not the White House, to improve cyber security protocols.
“An issue as far-reaching and complicated as cyber security requires all stakeholders to work together to develop an enduring legislative solution through formal consideration and approval by Congress. Yet, rather than build confidence and unity among key stakeholders, an Executive Order will solidify the present divide,” they said in the letter. “Only the legislative process can create the durable and collaborative public-private partnership we need to enhance cyber security.”
Civil liberty advocates, who have been fighting against numerous provisions proposed in cyber security bills, appear inclined to join the opposition to an executive order.
“Any action by any occupant of the White House on an executive order that mandates the collection of data across federal agencies worries me,” ACLU Executive Director Anthony Romero said Monday. “It’s not going to be President Obama forever, and we’ve had President Bush, and when you use executive order powers for good reasons, you’ll find them used and turned right on us for bad reasons.”
The White House has said it will not comment on “ongoing internal deliberations” and maintained that the executive order is just “one of a number of measures” under consideration.