White House leaks draft of CISPA-like cybersecurity executive order

Get short URL

Published time: September 12, 2012 17:21
Edited time: September 12, 2012 21:21

The White House has leaked further details on a planned executive order that lets US President Barack Obama lay out blueprints for a program tasked with protecting America’s computer infrastructure following Congress’ failure to do so themselves.

The Associated Press has obtained a draft of what they describe as the cybersecurity executive order that has long been rumored as on the way but only recently confirmed by White House insiders. Last week, officials within the Obama administration acknowledged that the president was planning to release a directive to expedite protection of America’s cyber infrastructure, and now the AP says they have come into possession with a copy of it.

Among the AP’s claims, the executive order will establish a critical infrastructure cybersecurity council manned by the US Department of Homeland Security that will be staffed by members of the departments of defense, justice and commerce, and national intelligence office, who “would submit a report to the president to assess threats, vulnerabilities and consequences for all critical infrastructure sectors.”

The AP says the draft outlines rules for federal agencies to propose new regulations or broaden existing ones and includes other provisions involving the sharing of data between private corporations and the federal government.

The White House has not announced when the president will authorize the executive order, but its mere existence is all but certain to be a response to the Legislative Branch’s inability to compromise on a cybersecurity bill between members of both the House of Representatives and the Senate. Lawmakers in the House were able to largely agree on one such bill this year, the Cyber Intelligence Sharing and Protection Act, or CISPA, but efforts on the part of the Senate to draft a similar bill on their own end were futile, leaving Washington essentially deadlocked on the issue, much to the chagrin of those they have made hawkish calls for an immediate and extensive law.

Had CISPA been signed into law, it would have offered incentives to private companies who shared personal user info submitted online with the US government under the guise of being a necessity for national security. The White House released a statement of administrative policy in response back in April condemning CISPA on the basis that it failed “to provide authorities to ensure that the nation's core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards.”

“Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the nation's core critical infrastructure from cyber threats,” the White House originally wrote.

The Obama administration said earlier this year that president would veto CISPA if a copy of the bill made its way to the oval office, but skeptics have been unsure of Mr. Obama’s take as of late, specifically after cybersecurity coordinator Howard A. Schmidt left his position within the administration in May. Now the White House has revealed their own plans for a cybersecurity bill that, while largely different from CISPA in some aspects, certainly borrows from some parts of that bill.

The AP reports that third-party companies will not necessarily be bound to sharing intelligence with the government in exchange for certain incentives, although they will be able to voluntarily provide information. Federal News Radio reporter Jason Miller claims to have seen excerpts from the executive order last week and described it more closely related to the comprehensive cyber legislation introduced by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R- Maine) than CISPA, but added, “Sources say it doesn't advocate for rewards or more tangible incentives such as liability protection like the Lieberman-Collins bill does.”

More so, however, the executive order appears to lay down the groundwork for federal staffers assigned to a committee established under the directive to design further cybersecurity acts once the order is signed.

“The private sector would collaborate with the cybersecurity council and also cooperate with NIST in the development of cybersecurity guidance,” the AP describes the order, while also seeking “better digital defenses for critical infrastructure while encouraging economic prosperity and promoting privacy and civil liberties.”

White House spokeswoman Caitlin Hayden told the Washington Post last week, “an Executive Order is among the things we’re considering to fulfill the president’s direction to us to do absolutely everything we can to better protect our nation against today’s cyberthreats.”