WASHINGTON (Reuters) - The White House is exploring whether to issue an executive order to protect the nation’s critical computer infrastructure following Congress’ failure to act earlier this month, White House homeland security adviser John Brennan said Wednesday.
Brennan was not explicit as to the timing, content or certainty of such an order, but he and other sources made it clear it was being actively discussed.
“One of the things that we need to do in the executive branch is to see what we can do to maybe put additional guidelines and policies in place under executive branch authority,” Brennan said in remarks to the Council on Foreign Relations.
“I mean if the Congress is not going to act ... then the president wants to make sure that we are doing everything possible,” Brennan said.
Asked specifically whether he was referring to executive orders, Brennan said such orders from the president would be a “good vehicle” to direct government agencies to take action “to make sure the nation is protected.”
A White House aide later said President Barack Obama had not actually signed such an order but it was something that was under consideration.
Brennan’s comments, and similar suggestions earlier this month by White House press secretary Jay Carney, follow an August 2 procedural vote in the Senate that all but doomed a cyber security bill endorsed by President Obama as well as current and former national security officials from both Republican and Democratic administrations.
The legislation was among the most heavily lobbied of the past session by both critics and supporters, with battle lines that crossed party boundaries and divided the business community. The Silicon Valley Leadership Group, representing more than 375 companies, tended to favor it, for example, while IBM did not.
The Senate bill had already been softened to meet objections of both business interests and privacy advocates.
Among other things, it would have created voluntary cyber security standards for critical infrastructure companies, and let businesses and government share information to allow them to better assess and anticipate threats to computer systems that operate water, energy and other utilities.
The U.S. Chamber of Commerce made it one of its “key votes” on which it will judge members of Congress, saying it was yet another burdensome form of government regulation that would be ineffective.
Legal experts believe some elements of the Senate bill could in fact be implemented by executive order.
“The president can say we can’t wait, and I‘m going to do what Congress can’t and protect the American people from cyber attacks,” said Stewart Baker, a former senior official at the Department of Homeland Security and now a cyber security expert at the law firm Steptoe and Johnson.
“In an election year, that sounds like a pretty promising approach,” Baker said.
An executive order, Baker said, could call on the Department of Homeland Security to encourage critical infrastructure facilities to adopt voluntary standards as part of the agency’s current authority over cyber security.
The White House could not enforce the standards, he said, but neither would legislation as the Senate stripped enforcement provisions from its bill to appeal to the Chamber of Commerce.
Responding to the prospect of an executive order, Matthew Eggers, senior director of National Security and Emergency Preparedness at the Chamber, said it “would be counterproductive and would cut short the proper legislative process, which needs to continue.”
“A new order,” he added, “would cast aside legitimate industry concerns and could trigger actions hindering greater public-private collaboration.”
Eggers also said it would “not automatically lead to greater security; just the opposite.”
The legislation would have allowed companies and the government to share information about hacking, which would be more difficult to do through an order, Baker said.
It also offered liability protections as an incentive to companies to adopt the standards.
Baker suggested an executive order could provide such incentives through repurposing the SAFETY Act, a current law that limits the legal liability of companies hit by acts of terrorism that have government-approved anti-terrorism products and services in place.
Privacy groups also opposed the Senate bill and are credited with influencing six Democrats who voted alongside Republicans to block Senate Majority Leader Harry Reid’s attempt to avert a filibuster of the bill.
These groups saw too many threats to privacy and civil liberties in the legislation, particularly provisions that would allow companies to monitor private communications and pass that data to the government.
Rainey Reitman, activism director at the Electronic Frontier Foundation, said “our primary concerns” with the legislation involved the information-sharing sections.
“As far as I know, Obama won’t attempt to address information sharing with an executive order,” she said. “If Obama wants to issue an executive order that doesn’t implicate civil liberties or overstep the authority of the executive branch, then we have no criticism of that.”
While some senators have said they will try again in September to get a bill passed, most analysts see little chance of both Houses acting before the 112th Congress comes to an end in January.
Republicans have repeatedly blasted Obama for wielding his executive powers to make what they consider end runs around Congress. Most recently, they criticized the administration’s decision to adjust immigration policies in order to shield young illegal immigrants from deportation.
Reporting By Tabassum Zakaria; Editing by Fred Barbash and Todd Eastham