• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Executive Orders in Cybersecurity Result in Incomplete and Empty Solutions

    Over the weekend, a draft of a cybersecurity executive order was shown to members of the press. Leaked reports of secretive decision making are what the U.S. gets when the President decides to ignore the democratic process and implement rules by executive fiat. The U.S. also gets policies that are often incomplete and poorly thought out.

    Reports indicate that the executive order will create a cybersecurity council, with the Department of Homeland Security (DHS) in charge. The council will create a voluntary information-sharing system and a voluntary regulatory framework.

    The Heritage Foundation has been very supportive of information sharing as a way to improve cybersecurity. However, we have also been clear that for information sharing to work, certain important features are necessary. Clear liability protection—protection for companies that share information in good faith and without malicious intent—is absolutely critical. Without liability protection, companies will be afraid to share their cybersecurity information, because it might be used against them in court later.

    The executive order has its limits, and one of them is that it cannot provide liability protection. Effective information sharing can be realized with actual legislation, but it would help if the President would slow down and allow Congress to do its job of crafting a complete approach.

    Another problem with the executive order is that it follows the same approach as the failed Cybersecurity Act of 2012 (CSA) with regard to regulation. The CSA fell short in the Senate because there are many who believe that standards and regulations are the wrong way to proceed in the dynamic realm of cybersecurity. The executive order will create a voluntary, standards-based program for protecting critical infrastructure, with standards written by the National Institute of Standards and Technology and most likely carried out by sector-based regulatory agencies that are already in place, such as the Federal Energy Regulatory Commission.

    These standards, however, are almost worthless because even Jim Lewis, a supporter of a regulatory approach from the Center for Strategic and International Studies, concluded: “Find me a company that says ‘I’m going to voluntarily agree to be regulated by DHS.’ Nobody is going to volunteer to have DHS regulate them.” If anything, this will give a false sense of security, slowing Congress from acting and delaying real cybersecurity improvements.

    The President should reject a cybersecurity executive order that will do little to solve our cybersecurity woes and will likely only hinder Congress from moving forward on real solutions in the future.

    Posted in Security [slideshow_deploy]

    2 Responses to Executive Orders in Cybersecurity Result in Incomplete and Empty Solutions

    1. uh no... says:

      how about no? leave the net alone.

    2. justfolk says:

      leave the net alone!….there is more to this than meets the eye and stinks to high heaven…probably has less to do with security and more to do with control, further monitoring and gathering of personal data of American citizens……

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.