- The Foundry: Conservative Policy News from The Heritage Foundation - http://blog.heritage.org -
Cybersecurity Executive Order Is a Mistake Every Way You Look at It
Posted By David Inserra On February 12, 2013 @ 11:00 am In Security | Comments Disabled
President Obama plans to issue his cybersecurity executive order  on Wednesday, following his State of the Union address, according to The Hill.
Based on drafts circulating several months ago, the executive order is likely to be highly flawed  in its efforts to impose regulations on the dynamic cyber realm. In addition to simply being a poor policy choice, Obama seems set on burning bridges with Congress by circumventing them on this issue.
The last Congress was unable to pass a cybersecurity bill for good reasons. The House easily passed the Cyber Intelligence Sharing and Protection Act  (CISPA), a bill designed to improve the sharing of information on cyber threats and vulnerabilities, with bipartisan support. Totaling only 27 pages, CISPA was a good-faith effort  to improve our information sharing, something that virtually every cybersecurity proposal has included. Though last-minute changes made the bill much less worthwhile , CISPA nonetheless focused on policy that is cost-effective, able to keep up with the constantly changing cyber realm, and supported by the very businesses being hacked.
Regrettably, some in the Senate and the Administration insisted that cybersecurity regulations be the main feature of any proposal. Many Senators, however, thought regulations might actually hurt our cybersecurity  by imposing large costs, harming innovation, encouraging a compliance attitude, and dooming security to a stuck-in-the-past mindset. As a result, the Senate twice failed to pass a regulatory bill known as the Cybersecurity Act of 2012  (CSA).
Both the Senate and the House decided that regulations were not the way to go, and yet that is exactly what Obama plans to impose. Not to be stopped by Congress, Obama is now poised to release his executive order on cybersecurity. While the President is busy spinning it as a “voluntary” public-private partnership that sets up best practices, the draft executive order is not truly voluntary.
The draft executive order  instructed regulators to search for their pre-existing authority on cybersecurity and then tells them that they “are encouraged to propose [cybersecurity] regulations.” Encouraging regulators to regulate is like encouraging high school boys to play more video games—they don’t need much encouragement to do what they already love doing.
The President will likely claim that the cost of inaction is too high and so he had to cut through the political deadlock to get something done. While the cost of inaction is high, the cost of taking the wrong action is even higher. Instead of making our cybersecurity woes better, Obama’s executive order promises to make them worse  and may even dissuade some in Congress from acting at all.
To top it all off, Obama will conveniently release this executive order the day after his State of the Union address. In an act of political gamesmanship, the President will go before Congress and tell them how it will be for the next four years: “Do what I want, or I will find a way to do it without you.”
Instead of political games and conveniently timed executive orders, Obama should work with Congress to craft dynamic cybersecurity solutions like information sharing. Sadly, focusing on policy might be the last thing on Obama’s mind tonight .
Article printed from The Foundry: Conservative Policy News from The Heritage Foundation: http://blog.heritage.org
URL to article: http://blog.heritage.org/2013/02/12/cybersecurity-executive-order-is-a-mistake-every-way-you-look-at-it/
URLs in this post:
 Image: http://blog.heritage.org/wp-content/uploads/cybersecurity-120706.jpg
 cybersecurity executive order: http://thehill.com/blogs/hillicon-valley/technology/282269-white-house-poised-to-release-cybersecurity-executive-order-on-wednesday
 highly flawed: http://blog.heritage.org/2012/11/02/cybersecurity-executive-order-touts-more-regulation-as-the-solution/
 Cyber Intelligence Sharing and Protection Act: http://www.heritage.org/research/reports/2012/01/rogers-ruppersberger-bill-a-solid-cybersecurity-approach
 good-faith effort: http://www.heritage.org/research/reports/2012/04/cyber-intelligence-sharing-and-protection-act-promotes-cybersecurity
 much less worthwhile: http://www.heritage.org/research/reports/2012/05/cyber-intelligence-sharing-and-protection-act-disappoints-in-the-end
 hurt our cybersecurity: http://www.heritage.org/research/reports/2012/06/cybersecurity-and-red-tape-more-regulations-not-the-answer
 Cybersecurity Act of 2012: http://www.heritage.org/research/reports/2012/07/cybersecurity-act-of-2012-revised-cyber-bill-still-has-problems
 make them worse: http://blog.heritage.org/2012/09/12/a-cybersecurity-executive-order-could-harm-security/
 mind tonight: http://blog.heritage.org/2013/02/12/morning-bell-obamas-state-of-the-union-promises-four-years-ago/
Copyright © 2011 The Heritage Foundation. All rights reserved.