President Barack Obama’s administration will soon submit priorities for cybersecurity legislation to Congress to build on an executive order issued earlier this month, a White House spokeswoman said.
“Although this executive order will help raise the nation’s cyber defenses, it does not obviate the urgent need for legislation,” Caitlin Hayden, the spokeswoman, said yesterday by e-mail. She didn’t specify the priorities or the timeframe for sending them to Congress.
Obama’s Feb. 12 order outlined policies for wider sharing of government data on hacking with companies, particularly operators of vital infrastructure such as power grids. The order directs the government to develop voluntary cybersecurity standards for those businesses and instructs U.S. agencies to consider adding the standards to existing rules.
Cyber espionage targeting U.S. companies gained renewed attention last week when network security firm Mandiant Corp. reported that the Chinese army may be behind a hacking group that has attacked at least 141 companies worldwide since 2006.
Obama’s order reflected provisions of Senate legislation blocked last year by Republicans after being opposed by the U.S. Chamber of Commerce, the nation’s largest business lobby. Opponents said the voluntary standards envisioned under the bill would amount to burdensome regulation and would fail to keep pace with evolving threats in cyberspace.
Legislation beyond the executive order is needed to protect critical U.S. networks from cyber-attack, Michael Daniel, the White House’s cybersecurity coordinator, said yesterday at a computer-security conference in San Francisco.
“An executive order is actually very limited in what it can do,” Daniel said. “We definitely need Congress to act and to update our laws and our statutes.”
Daniel didn’t elaborate and wasn’t available for an interview after speaking.
Since the order’s release, Obama administration officials have said they support certain liability protections for companies that incorporate the voluntary standards and share cyber-threat information with the government and each other.
Congress should also pass legislation to update federal agency computer-security rules and create a national data-breach reporting requirement, Hayden said in a Feb. 21 e-mail.
House Intelligence Committee Chairman Mike Rogers, a Michigan Republican, and the panel’s top Democrat, Representative C.A. “Dutch” Ruppersberger of Maryland, reintroduced a proposal Feb. 13 to give legal protection for companies that share cyber threat information with each other and the government.
The Rogers-Ruppersberger bill passed the House last April and failed to advance in the Senate after Obama threatened a veto, saying the measure didn’t go far enough to boost computer defenses and failed to protect the privacy of consumer data.
The White House has declined to comment on the reintroduced Rogers-Ruppersberger bill while saying any cybersecurity measure must incorporate privacy and civil-liberties protections.
Administration officials including U.S. Intellectual Property Enforcement Coordinator Victoria Espinel pledged last week to put diplomatic pressure on countries implicated in the theft of trade secrets and to seek stronger international enforcement of intellectual-property protections.
To contact the editor responsible for this story: Bernard Kohn at email@example.com