With cyber threats to public and private sector entities on the rise and Congress doing little to assist, the Obama administration is considering the overhaul of an outdated initiative designed to protect the nation’s critical infrastructure from attacks.
According to Bloomberg, a revised draft of the Homeland Security Presidential Directive 7, developed back in December 2003, is being circulated among White House officials and advisors in an effort to revamp the proposal to address U.S. cybersecurity.
If put in place, the updated directive would chart a path for information sharing between federal agencies and private sector companies – a concept Capitol Hill has struggled with in hearings and debates year after year.
“If the Congress is not going to act on something like this, then the president wants to make sure that we’re doing everything possible,” suggested John Brennan, Obama’s counterterrorism adviser, according to Bloomberg.
But Republicans have warned that the Obama administration’s cybersecurity policies would encroach too much upon and strain American businesses.
In the party’s 2012 platform, approved earlier this week at the Republican National Convention, the GOP claimed, “The current Administration’s cyber security policies have failed to curb malicious actions by our adversaries.”
The Republican policy piece went on to suggest, “The current Administration’s laws and policies undermine what should be a collaborative relationship and put both the government and private entities at a severe disadvantage in proactively identifying potential cyberthreats. The costly and heavy-handed regulatory approach by the current Administration will increase the size and cost of the federal bureaucracy and harm innovation in cybersecurity.”
But not all members of Congress are advocating for additional debates. Encouraging Obama to overstep Capitol Hill, Sen. Diane Feinstein (D-Calif.), chairman of the Senate Intelligence Committee, this week sent a note to the president, advising him to issue an executive order to secure the nation’s networks.
“I believe the time has come for you to use your full authority to protect the U.S. economy and the networks we depend on from future cyber attack,” the senator wrote in the letter. “While an Executive Order cannot convey protection from liability that private sector companies may face, your Administration can issue cybersecurity standards and provide technical assistance to companies willing to take voluntary steps to improve their security.”
As the president weighs his cyber options, Sen. Feinstein joins the short list of members of Congress and their Washington cohorts on board with the E.O.
“It is unconscionable that Congress has failed to take decisive legislative action to address what should be a non-partisan national security issue,” Rep. Ed Markey (D-Mass.) wrote in a letter to the president earlier this month. “Leaving America powerless against the threat to security of our electric grid is an unacceptable and an unnecessary risk…. You can and must take action to mitigate these threats and vulnerabilities to the extent possible by executive order.”
Off the Hill, James Lewis, senior cyber fellow at the Center for Strategic and International Studies told the National Journal it would be hard to make the cybersecurity issue “any messier than it was politically,”
“If done right, an executive order could help critics reconsider their arguments,” he advised.
____
Michelle Kincaid is a DC-based public affairs professional specializing in technology policy. She is also founder of the blog CybersecurityNews.org. Follow her on Twitter at @OnCybersecurity.