Executive Order in the Works to Enact GOP-Blocked Cybersecurity Bill

Democratic senators are urging President Obama to quickly issue an executive order to put into effect cybersecurity legislation killed by a GOP filibuster last month.

“Senate Republican opposition to this vital national security bill, coupled with the deeply-flawed House information sharing bill that threatens personal privacy while doing nothing to protect the nation’s critical infrastructure, is a profound disappointment,” the White House said at the time.

The bill would have given the government three tools that advocates say are needed to beat back cyberattackers: a focus on protecting infrastructure such as water and power grids, new information sharing on threats between the government and private industry, and new Homeland Security powers to guide the federal cybersecurity strategy.

Sen. John McCain (R-Ariz.), in opposing cloture on the bill, said it should have been subjected to the proper committee process and called the rushed legislation lacking in transparency and “a ploy to advance the fiction that we are focused on national security.”

“As I have said time and time again, the threat we face in the cyber domain is among the most significant and challenging threats of 21st century warfare. But this bill unfortunately takes us in the wrong direction and establishes a new national security precedent which fails to recognize the gravity of the threats we face in cyberspace,” McCain said on the floor in August.

The senator said a cooperative relationship between the government and private sector is needed, not “an adversarial relationship rooted in mandates used to dictate technological solutions to industry.”

“In addition to the problems with the information sharing provisions, the critical infrastructure language grants too much authority to the government, failing to consider the innovative potential of the private sector,” McCain said.

McCain was among Republicans who expressed disappointment that Congress broke for the August recess without coming to a bipartisan agreement on cybersecurity legislation as the GOP-led House did.

“When it returns next month, the Senate should address cybersecurity, but not in the ‘take it or leave it’ manner the Majority Leader pursued. Instead, it should be done in a manner that ensures our security, utilizes the most innovative aspects of the private sector and the government, and does not harm our economy. This critical effort should not fall victim to partisan politics in an election year,” he said in an Aug. 14 statement along with Sens. Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Jon Kyl (R-Ariz.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.).

As one of many things on the Senate’s plate in the short break between the summer and campaign recesses — the farm bill, sequestration, and the continuing resolution to fund the government for the next six months among them, with debate on the Veterans Jobs Corps Act on the schedule for tomorrow and recess expected Thursday — a quick legislative fix is unlikely.

But in a “We Can’t Wait” administration, as branded by Obama, pushing through a bill stalled in the legislative branch by executive fiat would hardly be unprecedented.

Without issuing an executive order, in June Obama ordered the Department of Homeland Security to grant “deferred action” status and a path to work authorization for illegal immigrants who arrived in the country as children. The “prosecutorial discretion” move was hailed by DREAM Act supporters who had long struggled to move legislation on the Hill.

It was criticized, though, by those who saw the executive branch countering the will of legislators to meet the demands of the president’s party.

Still, party members are wanting Obama to take the same route to enact that which Congress has not passed.

Last month, Sen. John D. Rockefeller (D-W.Va.), chairman of the Senate Committee on Commerce, Science and Transportation, asked Obama to consider an executive order “to establish a program to protect critical cyber infrastructure along the lines of the program that we proposed in Title I of the Cybersecurity Act.”

That includes the collaboration between the government and private sector cited by McCain in his opposition to moving forward with the bill.

“The program also included incentives for adopting the practices, including protection against liability for punitive damages,” Rockefeller wrote. “While a program created through executive action cannot include such incentives, I believe it is critical that we move forward.”

Calling the cyberthreat “unprecedented,” Rockefeller offered Obama “any assistance as you consider this decision.”

Rockefeller received a response last week from John Brennan, assistant to the president for homeland security and counterterrorism, in which he vowed that “following congressional inaction, the President is determined to use existing executive branch authorities to protect our nation against cyber threats.”

“Specifically, we are exploring an Executive Order to direct executive branch departments and agencies to secure the nation’s critical infrastructure by working with the private sector,” Brennan wrote. “…I would note that executive branch actions under existing authorities cannot alter the reality that the United States Government will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have addressed.”

Today, Sens. Chris Coons (D-Del.) and Richard Blumenthal (D-Conn.) urged the president to move forward with that executive action.

“We remain committed to the passage of this important legislation, and are continuing our efforts to resolve differences regarding the appropriate role of government in the protection of critical infrastructure,” they wrote in a letter to Obama. “We write today to stress, however, that the failure of Congress to act should not prevent the executive branch from taking available steps to counter the enormous and growing cyber threat.”

“Unfortunately, a sufficient number of Senators remain opposed to the creation of any government standard — advisory or not — out of a concern that a responsible agency might someday use existing regulatory authority to make such a standard mandatory,” Coons and Blumenthal added. “…We recognize that an order directing the promulgation of voluntary standards cannot and should not be the final word in cybersecurity.”

Late last week Tech Dirt published what it says is an “incredibly vague” leaked draft of the forthcoming executive order, which doesn’t delve into how privacy concerns will be protected in tenets including “development of an information exchange framework.”