A rumor exists that the Obama administration is drafting an executive order to guard national networks against cyber-attacks. Bloomberg News cited two unnamed former officials on the claim, and The Washington Post outlined its contents.
Discussion around the issue largely started after a Senate Republican filibuster blocked S. 3414 on Aug. 2. The bill would have set voluntary cybersecurity standards for privately owned companies and reward those who joined in.
Responding to this, John O. Brennan, President Barack Obama’s top counterterrorism and homeland security adviser, said in an Aug. 8 speech at the Council on Foreign Relations, “One of the things we need to do in the executive branch is see what we can do to maybe put additional guidelines and policies in place under executive branch authorities. If the Congress is not going to act on something like this, the president wants to make sure we’re doing everything possible,” according to a transcript.
Brennan added that he found the failure “incomprehensible,” given that the legislation “was calling for minimum performance standards on the cybersecurity front for critical infrastructure that the U.S. government would help develop with private industry.”
White House spokeswoman Caitlin Hayden emailed a statement to Bloomberg News, saying “An executive order is one of a number of measures we’re considering as we look to implement the president’s direction to do absolutely everything we can to better protect our nation against today’s cyberthreats.”
In other words, they are considering an executive order, but other options are on the table.
The basic claim is that this would create a voluntary cybersecurity program that companies can adopt, and is part of an effort to secure critical infrastructures—areas that keep the country moving, and would be key targets in a cyberwar, such as the energy grid, the financial sector, and transportation networks.
Now, it’s significant to note that a strategy fitting this description was already drafted and proposed by the Obama administration in the 2011 Cybersecurity Legislative Proposal. Yet, understanding this fully requires a brief look back over the past couple years.
Cybersecurity came to the forefront in 2010. Google was pulling out of China after it exposed a state-run cyber-attack to hack email accounts of foreign dissidents, information leaking website WikiLeaks was pouring secret government data onto the Web, hacker groups like Anonymous Operations were making a spectacle of poor security all over the Internet, and the U.S. government was getting plenty of pressure about the dismal state of online security.
The solution to this came in a series of bills, which, although they were in development prior to this time, got a major push around April and May of 2011. One side of this was meant to lay down standards for the military and for sharing information on threats with U.S. allies, while the other side was meant to secure critical infrastructure across the nation.
Bits and pieces of the military strategy were starting to surface around April 2011, although the official strategy wasn’t released until July.
As for the national strategy, however, two different proposals were floating around. One was proposed by the Homeland Security and Governmental Affairs Committee, and the other was laid out in the White House Cybersecurity Legislative Proposal.
There was one major difference between the bill and the White House proposal, which turned into one of the key deal-breakers. The proposal through the Governmental Affairs Committee would create the White House Office of Cybersecurity, the leader of which would be confirmed by the Senate.
The White House proposal, on the other hand, would have updated the Federal Information Security Management Act (FISMA) to “formalize” the Department of Homeland Security’s “current role in managing cybersecurity for the Federal Government’s civilian computers and networks, in order to provide departments and agencies with a shared source of expertise,” states a White House fact sheet from May 12, 2011.
On the other side of the argument, Sen. Joseph Lieberman [I-Conn.] said in a May 23, 2011, hearing, “We just believe that the stakes are too high, when it comes to cybersecurity for our country, that whoever holds this position should be confirmed by the Senate and therefore be accountable to Congress,” according to text of the prepared speech.
The rumored executive order, according to Bloomberg News, would have the program managed by the Department of Homeland Security. So it’s likely that if passed, it will open up some old wounds.
Controversy aside, however, passing a cybersecurity bill to guard national infrastructure was a key part of the overall strategy to guard U.S. networks.
On the international and military side, NATO announced its cybersecurity plan at the NATO Lisbon Summit in December 2010 that made a key point of forming coalitions, so that if one country detected a cyber-attack or a form of espionage, they would alert their allies of the threat.
The U.S. military strategy had a similar point. When Deputy Secretary of Defense William Lynn first detailed the strategy during an Oct. 1, 2009, Council on Foreign Relations (CFR) event, he said it would use “a Cold War concept” of sharing information between allies.
The national cybersecurity plan was supposed to accomplish the same thing, only instead of sharing information on threats between countries, it would open channels to share between industries, state government, and local government.
In other words, if there were a cyber-attack that was targeting several major U.S. companies—and notably, many large attacks do use the same techniques on multiple targets—if one company detected this, they would share it with others in the program so they could close the loophole.
“The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity,” stated the Cybersecurity Legislative Proposal fact sheet. “The Administration has responded to Congress’s call for input on the cybersecurity legislation that our Nation needs, and we look forward to engaging with Congress as they move forward on this issue.”
The Epoch Times publishes in 35 countries and in 19 languages. Subscribe to our e-newsletter.