A senior senator is reminding the White House that any executive order addressing cybersecurity should only focus on those systems and networks critical to public safety.
Sen. Ron Wyden (D-Ore.), a member of the Select Committee on Intelligence, wrote in a letter to Michael Daniel, the White House cyber coordinator, yesterday detailing his views about what such a mandate should address.
“I support efforts to create meaningful incentives for owners and operators of critical infrastructure to employ adequate security protocols,” Wyden wrote. “In the case of interactive computer services, such as networks that facilitate commerce, provider search services or are platforms for social networking or speech, vulnerabilities are unlikely to constitute threats to our national security. It should be clear in any executive order related to cybersecurity that there is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water and transportation systems, and those that provide digital goods and services to the public.”
Wyden told Daniel that an order impacting the interactive computer services would be “a profound mistake” because it could stifle innovation, creativity and job growth.
The White House is drafting a cybersecurity executive order that would focus on voluntary standards for critical infrastructure owners and operators. The draft EO closely follows the second version of the comprehensive cyber legislation introduced by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R- Maine) in July.
Wyden’s letter adds to a chorus of lawmakers and other experts who are chiming in over the need or the concerns about a cyber order.
Collins said an EO shouldn’t be a substitute for legislative action.
But another supporter of the Lieberman-Collins bill, Sen. Dianne Feinstein (D- Calif.), said in a late August letter to President Barack Obama that an executive order is necessary to protect the nation’s critical infrastructure.
“While an executive order cannot convey protection from liability that private sector companies may face, your administration can issue cybersecurity standards and provide technical assistance to companies willing to take voluntary steps to improve their security,” she wrote. “You can also direct the Intelligence Community and the Department of Homeland Security to provide as much information as possible to the private sector about cyber threats, including classified information. These are meaningful, if limited, steps that can be taken now. The threats to our national and economic security are simply too great to wait for legislation.”
Former White House cyber coordinator Howard Schmidt, who left in May, said recently the EO should focus on directing agencies to tighten cybersecurity requirements, especially around acquisition and communication with the private sector.
A White House spokeswoman said she wouldn’t comment on “ongoing internal deliberations,” but said the administration has received a number of letters from lawmakers calling for an executive order.
“An executive order is one of a number of measures we’re considering as we look to implement the President’s direction to do absolutely everything we can to better protect our nation against today’s cyberthreats,” she said.