Two Democratic senators are urging President Obama to direct his administration to publish “advisory” guidelines through an executive order on cybersecurity.
In a letter (PDF) sent to the White House today, Delaware’s Christopher Coons and Connecticut’s Richard Blumenthal say it’s time for an executive order “directing the promulgation of voluntary standards” by the Department of Homeland Security.
It’s hardly clear that the vast Homeland Security bureaucracy — which has received plenty of failing cybersecurity grades from congressional overseers — is best-equipped to advise the private sector on how to secure networks and critical infrastructure.
But after a planned vote last month on federal legislation was derailed thanks to Democrats insisting on new regulations, and Republicans steadfastly opposing them, Coons and Blumenthal say that voluntary standards are better than nothing.
The GOP-controlled House in April approved a competing bill, the Cyber Intelligence Sharing and Protection Act, or CISPA, which would have permit Internet companies to hand over confidential customer records and communications to the National Security Agency and other portions of the U.S. government.
In a letter released last week, White House aide John Brennan confirmed that Obama was contemplating an executive order on cybersecurity. It said:
Following congressional inaction, the president is determined to use existing executive branch authorities to protect our nation against cyber threats. Specifically, we are exploring an executive order to direct executive branch departments and agencies to secure the nation’s critical infrastructure by working with the private sector.
Republicans have been skeptical, with the party generally preferring CISPA’s information-sharing approach over a regulatory one. In a Wall Street Journal op-ed last week, senators John McCain, Kay Bailey Hutchinson, and Saxby Chambliss charged that an executive order would “unilaterally” impose “more mandates and regulations on the private economy.”
Today’s letter appears designed to inoculate the Obama administration against charges that it’s being overly anti-business. It notes that the Bush-era law creating the Department of Homeland Security permits the secretary “to recommend measures necessary to protect the key resources and critical infrastructure of the United States.”
That section of the law, however, does not give Homeland Security any authority to punish private companies if they ignore the suggestions.