Now that the dust of the elections has settled, and Congress is due back in session tomorrow, President Obama may soon add a signature to an Executive Order on Cybersecurity. That step by the White House depends on whether or not Congress will finally come to a decision on cybersecurity legislation that has been languishing in limbo. According to Amber Corrin of FCW.com, “no one denies the importance of cybersecurity legislation, it’s unclear how high of a priority it will be as the 2013 budget, sequestration, tax cuts and the Farm Bill, among other measures, compete for congressional attention. However, with Obama confirmed for another term in office, the potential for a cyber executive order looks increasingly likely, which would at least partially address cybersecurity regulation for the time being.”
Richard Lardner, writing for the Associated Press, lays out the basics of the expected executive order:
The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target. With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems.
An organized, broad-based approach for sharing cyberthreat information gathered by the government is widely viewed as essential for any plan to protect U.S. computer networks from foreign nations, terrorist groups and hackers. Existing efforts to exchange information are narrowly focused on specific industries, such as the finance sector, and have had varying degrees of success.
The White House has acknowledged that an order from the president, while legally binding, is not enough. Legislation is needed to make other changes to improve the country’s digital defenses. An executive order, for example, cannot offer a company protection from liabilities that might result from a cyberattack on its systems.
So, even if President Obama signs off on this executive order, Congress still needs to take up the issue. Although no one disagrees that legitimate threats to information systems exist, how to go about protecting infrastructure and business from those threats continues to be hotly debated. Chris Boggs, Chairman of the Search Engine Marketing Professionals Organization (SEMPO), had much to say on tech legislation last week on the Webcology radio show on Webmaster Radio. He said that, yes, some shepherding from Congress is necessary, but “you have a bunch of shepherds trying to make rules about baking bread. The bottom line is that you have the blind trying to lead the people that can see. The government is either unwilling or unable to educate itself about the internet and how people use it to effectively create law.” He went on to comment that if the tech/internet industry hopes to see legislation that actually works, they will need to have a voice in the process. There are plenty of amazing industry writers out there, but without some sort of organization it’s going to be difficult to make any real impact. SEMPO is working to become that industry voice.
What are your thoughts on the current state of cybersecurity? Is this something that can’t wait, and we need to see President Obama take action now? Or is it more important to get it right and let the congressional debate continue?