Despite repeated warnings about the national security threats posed by hackers, Congress failed to pass legislation this summer to protect vital computer networks from a cyberattack.
Now, President Obama is considering taking measures of his own.
The Obama administration has been circulating an executive order that would bypass Congress to accomplish the president’s goals of securing the country from the risk of a computer-based attack.
Experts have warned that critical infrastructure -- the power grid, gas pipelines and water supply and transportation systems -- are increasingly vulnerable to a cyberattack that could lead to severe economic loss, sustained blackouts or mass casualties.
In its current form, the executive order would allow federal agencies to propose new security standards for critical infrastructure and create a council of federal agencies that reports to the president on cyber threats, according to the Associated Press, which obtained a draft of the order.
Caitlin Hayden, a spokeswoman for the National Security Council, declined to comment on the draft.
“An executive order is one of a number of measures we’re considering as we look to implement the President’s direction to do absolutely everything we can to better protect our nation against today’s cyber threats,” Hayden told The Huffington Post.
After Congress failed to pass cybersecurity legislation this summer, the president was left with no other choice but to use his executive authority, according to Alan Paller, director of research for the SANS Institute, a cybersecurity training and research firm.
“For the president, inaction now on the executive order is tantamount to inviting debilitating attacks against our critical infrastructure,” Paller said Tuesday.
Last month, John Brennan, assistant to the president for Homeland Security, said the White House would “keep pushing” Congress to pass cyber legislation, “but we’re also going to do what we can under executive branch authorities.”
“I mean, if the Congress is not going to act on something like this, then the president wants to make sure that we’re doing everything possible,” Brennan said at the Council On Foreign Relations.
The 2012 Democratic National Platform also hinted at the president taking action of his own.
While Obama supported cyber legislation, “going forward, the President will continue to take executive action to strengthen and update our cyber defenses,” the platform states.
Some lawmakers support the move. Over the August recess, Sen. Dianne Feinstein (D-Calif.), who cosponsored a cybersecurity bill, wrote a letter to the president urging him to use his executive authority.
“I believe the time has come for you to use your full authority to protect the U.S. economy and the networks we depend on from future cyber attack,” she wrote.
She added there are several “meaningful, if limited, steps that can be taken now,” such as issuing cybersecurity standards that companies must meet and directing the NSA, CIA and Department of Homeland Security to begin sharing classified information with companies about cyber threats.
“The threats to our national and economic security are simply too great to wait for legislation,” she said.
But others have criticized the president for potentially acting without Congress. The Heritage Foundation, a conservative think tank, said an executive order would not give companies legal cover to share information about hackers without the fear of being sued.
An executive order “will do little to solve our cybersecurity woes and will likely only hinder Congress from moving forward on real solutions in the future,” the foundation said in a blog post.
In July, a Senate cybersecurity bill fell eight votes shy of the 60 votes needed to move past a Republican filibuster. The bill sought to protect computer networks running the power grid, gas pipelines and water supply and transportation systems from hackers by creating a set of security standards for companies to meet.
But Senate Republicans, led by Sen. John McCain (R-Ariz.), opposed the bill, siding with business lobbyists who claimed that any security standards would unfairly saddle businesses with costly regulations.