• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • A Cybersecurity Executive Order Could Harm Security

    With reports of a draft executive order on cybersecurity being circulated, it now seems likely that President Obama will go forward with this flawed approach. The peculiar thing is that the order does not seem to add anything new. If that is true, why is the President expending political capital to pursue it?

    The Cybersecurity Act of 2012 failed to pass in the Senate, even with the last minute horse trading that occurred just before the vote. The concern of most opponents—including numerous businesses and the Chamber of Commerce—was the regulatory basis of the bill. Regulation is the wrong way to add security, and many of the nation’s legislators agreed. The bill could not clear the Senate, and certainly wouldn’t have passed the House.

    The President again wants to tell Congress that his judgment is better than theirs. The Administration still feels that the Department of Homeland Security (DHS) can not only develop the appropriate regulations to provide cybersecurity, but should fully oversee U.S. businesses and infrastructure in that effort. That is wrong. DHS has shown itself to be inadequate for that task on smaller issues such as chemical industry security. Why would anyone think that it could handle a task as monumental as cybersecurity for all U.S. critical infrastructure? This is especially concerning since the government doesn’t even do a good job protecting its own infrastructure from cyber attacks.

    That said, the order appears to be crafted to seem as vanilla as possible. It calls for voluntary regulation that infrastructure owners in the private sector would elect to follow. It would set up a council headed by DHS, with the Department of Defense, Commerce, Energy, and Treasury as members; with the Attorney General and the Director of National Intelligence as Advisors. This is the only “new” aspect.

    The council would decide what constitutes critical infrastructure, and which companies would therefore be “encouraged” to participate. After that, the National Institute of Standards and Technology (NIST) would develop the standards (they already do that), DHS would use the sector coordinating councils to polish the NIST recommendations (they already do that), and industries would choose what methods they would take to move toward the new standards. This all sounds like a lot of effort to add very little to the mix. Or is it?

    There is still a great concern that this will be a backdoor to an expansion of regulation. There is a huge possibility that individual agencies will take the “voluntary” standards, marry them to existing authorities, and turn them into full blown regulations. This is exactly why the Cybersecurity Act of 2012 was rejected.

    Federal regulations are too slow, too static, and too focused on a lowest common denominator.  They will emphasize compliance, not true security. American entities will be “racing” to meet static regulations, believing that it will make them safe. They will never be able to keep pace with new innovations and the nation’s adversaries will move around, over, and through our now inadequate defenses. Hackers; individual, criminal, and international, are all waiting eagerly.

    This Executive Order is not needed. Congress, the Administration, and industry need to roll up their sleeves together and get it right. America deserves a good, functioning cyber bill, not a political stunt that will do more harm than good.

    Posted in Featured [slideshow_deploy]

    2 Responses to A Cybersecurity Executive Order Could Harm Security

    1. E J says:

      Going down the slippery slope.

    2. Lloyd Scallan says:

      Mr. Bucci – Do you or anyone at HF not realize every policy embraced by Obama is deliberately designed to harm America as we have known it. You and HF must understand that Obama and his lackeys in the Democrat Party will not stop doing everything they can to collapse the nation into socialism.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.

    ×