GOP Senators Warn Obama on Executive OrderLawmakers Say They're Committed to Legislative Process
A group of Republican senators warned President Obama not to issue an executive order to create voluntary IT security standards, saying unilateral action from the White House would aggravate the existing divide among lawmakers that prevented a vote on the Cybersecurity Act of 2012 in August.
"Rather than build confidence and unity among key stakeholders, an executive order will solidify the present divide. Only the legislative process can create the durable and collaborative public-private partnership we need to enhance cybersecurity," the senators said in a letter dated Oct. 2 and sent to Obama. Sens. Dan Coats of Indiana, Saxby Chambliss of Georgia, John McCain and Jon Kyl of Arizona, Kay Bailey Hutchison of Texas and Roy Blunt of Missouri - backers of an alternative cybersecurity bill, the SECURE IT Act - signed the letter.
The six Republican senators, in their letter, contend an issue as far-reaching and complicated as cybersecurity requires all stakeholders to work together to develop an enduring legislative solution through formal consideration and approval by Congress. They said they remain committed to the legislative process and urged Obama to work with Congress rather than issue the executive order.
"We share the concerns expressed by you and many members of Congress regarding the danger of cyberattacks against the U.S. government and national critical infrastructure," the letter said. "While the Senate has yet to reach an agreement on the best way to enhance cybersecurity, we firmly agree on the need to maintain congressional prerogative when dealing with broad and challenging issues like cybersecurity.
"The gravity of this threat requires a genuine bipartisan effort to advance legislation, not a selective and unilateral executive order, which simply cannot provide the incentives to encourage private sector participation and the requisite information sharing to address evolving threats."
Both sides agree that an executive order could not provide the legal protections to critical infrastructure owners to share information with the government and each other; only legislation could provide those safeguards.
The White House began preparing an executive order days after nearly all GOP senators, joined by a handful of Democrats, in early August blocked a vote on the Cybersecurity Act of 2012, which in part would have provided for the voluntary IT security standards [see WH Moves Closer to Issuing Infosec Executive Order . Three key Senate sponsors of the Cybersecurity Act - Connecticut Independent Democrat Joseph Lieberman [Lieberman's Last Hurrah on Cybersecurity] and Democrats Dianne Feinstein of California [Obama Urged to Take Solo Action on Cybersecurity] and Jay Rockefeller of West Virginia [A Cybersecurity Dream Act] - have urged Obama to issue the executive order. Another Cybersecurity Act sponsor, Republican Susan Collins of Maine, had recommended the president not issue the executive order [see 'We Can't Wait' for Cybersecurity].
When early versions of what would become the Cybersecurity Act of 2012 began to circulate last year, it contained provisions for government regulation of critical infrastructure owners. But with strong opposition from most Republicans, the sponsors excised those provision from the bill and substituted them with a process in which the government and business would collaborate on developing best IT security practices that critical infrastructure owners could voluntarily adopt.
Still, most Republicans oppose even voluntary standards, fearing that could lead to mandatory standards. Instead, the Republicans offered the SECURE IT Act, which had no provisions for government involvement for standards and - unlike the Cybersecurity Act - did not grant the Department of Homeland Security additional authority to oversee civilian agency IT security [see Compromise in Air over Cyber Bill].