• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • A Cybersecurity Executive Fiat Is a Very Bad Idea

    There are reports circulating that the White House has drafted an executive order to implement cybersecurity regulations. Congress—the representatives of the people— could not come to a sufficient level of agreement needed by the Constitution to pass the Cybersecurity Act of 2012.

    Now, a few Senators say they know better and have urged the President to ignore Congress and simply direct a new set of cybersecurity regulations by executive order. Is this legal? Possibly, but that depends on the scope of any future executive order and the President’s discretion under existing legal authorities. Is it wise to proceed on this issue by unilateral executive action?

    Absolutely not!

    First, why did the Cybersecurity Act of 2012 fail to pass? Was it political spite, or election year partisan wrangling? Some might think that, because they believe that anyone who disagrees with them is clearly motivated by power politics. This is ridiculous. The reason the bill did not pass was because there are reasonable and serious policy differences regarding how the nation should approach the growing challenge of cybersecurity. These differing camps are not at opposite ends of the political spectrum, but are spread throughout the American ideological landscape.

    The staffs of Senators Joe Lieberman (I–CT) and Susan Collins (R–ME), who wrote the bill, actually did a very good job of reaching out to a wide array of actors from the public and private sector during its long incubation. As the vote neared, they also tried to soften several areas that opponents found objectionable. They deserve congratulations for the effort. In the end, however, they failed to gain the support needed for their point of view.

    The main complaint with the bill was that it was based on a regulatory framework. Even though the staffs made some of the major provisions “voluntary,” individual agencies could have promulgated regulations that would have been binding in specific industry sectors. The bottom line is that a significant number of relevant players think regulation is the wrong way to foster cybersecurity. That is what killed the bill.

    Regulation—particularly federal regulation—is slow, cumbersome, and static. Once it is in place, it is nearly impossible to change or remove. This is exactly the wrong approach for dealing with a fast-moving and incredibly dynamic field like cybersecurity. Give hackers—whether working for themselves or for another nation-state—a static standard, and they will waltz around it and have their way with the target entity. Those who opposed the bill recognized this. Those who favored it believe that any bill is better than none. This is simply not the case.

    Getting back to the possible executive order: The President obviously falls into the “any bill” camp. He is also greatly in favor of as much federal regulation as he can get, believing that the Feds always have the answer and must always be the benevolent father protecting the people from themselves. It does not seem to matter that the majority of major tech businesses (and many government auditors such as the Government Accountability Office) feel that regulations like this will stifle innovation and foster a culture of “minimal compliance.”

    The President should resist the temptation to ladle on a new regulatory bureaucracy (or bureaucracies) simply to satisfy the need to “do something.” If it is not done right, it will do damage. Let the debate continue until it is done right, Mr. President. It’s called the democratic process, and it invariably provides the best answers, even if it takes awhile.

    Posted in Featured [slideshow_deploy]

    7 Responses to A Cybersecurity Executive Fiat Is a Very Bad Idea

    1. Bob King says:

      Great piece Steve, I appreciate the clear manner in which you described the issues with previous bills. I did not know you were now writing for Heritage Foundation.

    2. DAA says:

      Are you kidding? Reasonable policy differences? Republicans requested 70 amendments. One of which was banning abortions past 20 weeks in Washington, DC. Another was a repeal of Obamacare. Regardless of where anyone stands on the political spectrum, it's obvious Congress is comprised of children who are wasting our time and money and putting the US citizens' security, health care, food supply…you name it…at stake.

      • ChuckL` says:

        So DAA, Will you join me in requiring that the anything goes clause be removed from the purpose of the bill statement and is replaced by a statement of a single purpose "AND NO OTHER PURPOSE".

      • RMF says:

        Who's kidding whom? Bucci is absolutely correct–there were in fact "reasonable and serious policy differences" on the specific issue of cybersecurity. And those differences were critical to the failure to reach consensus. That additional amendments, mostly non-germane to cybersecurity, were offered when the legislation was under consideration does not change that fact; such off-point amendments have been offered innumerable times with regard to many other pieces of legislatioin in the past and will be offered innumerable times in the future. It's called the "legislative process," and while it ain't pretty, it is democracy in action.

    3. Stirling says:

      More reason to vote this administration out in November. We have 3 eual (seperate) branches of government for a reason (so that the president CAN NOT run the country by "fiat or executive order"). A president that bypasses the people's wishes is nothing more then a dictator. Even Clinton respected congress and got things done (without abusing the exectutive orders).

    4. I really did not understand what are you looking for.I have no seen about this before.We people are providing much services in different sector as well.I will share in few more things with you
      http://riskcontrolstrategies.com/about/cyber-secu

    5. Bobbie says:

      a cybersecurity executive fiat in the hands of the dishonorable, irresponsible is a the only idea when the intent is bad…

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.

    ×