November 19, 2012
The Cybersecurity Act of 2012 is dead in the water after yet again failing to reach the Senate floor, but that does not mean some measures of reform will not be taken.
It is thought the White House will use an executive order to put in place some elements of the bill which was blocked by Republicans and a small group of Democrat senators last week.
“Congressional inaction in light of the risks to our nation may require the administration to issue an executive order as a precursor to the updated laws we need,” White House cyber-security co-ordinator Michael Daniel said in a statement to The Hill. “We think the risk is too great for the Administration not to act.”
Senate Majority Leader Harry Reid, D-Nev., who called the bill “dead for this Congress,” described the act in a statement as “important to national security.”
“I hope President (Barack) Obama uses all the authority of the executive branch at his disposal to fully protect our nation from the cyber security threat,” Reid is quoted by The Hill.
Although Reid has said he is in favor of an executive order, he also said more needs to be done to give companies liability protection should a cyber-attack occur.
News reports indicate Obama signed the classified Presidential Policy Directive 20 in mid-October. The directive puts in place new cyber defense principles for government agencies. A draft executive order, which focuses on the nation’s critical infrastructure, was also prepared in case it was needed. It appears the draft will now be put to use.
According to Information Week, the draft executive order would direct the National Institute of Standards and Technology to set cyber-security standards for 18 “critical infrastructure industries.”
“The Department of Homeland Security would encourage adoption of these standards, and agencies responsible for regulating critical infrastructure industries would be responsible for proposing potentially mandatory cyber-security regulations for those industries,” Information Week senior editor J. Nicholas Hoover writes.
“Information sharing is another big piece of the draft order. The executive order would set up new information sharing mechanisms that will accelerate security clearances and limit use of proprietary information. The order would also require agencies to take appropriate steps to ensure privacy of shared information.”
So far, there is no word on when the executive order will be issued.