Sen. Collins: Cybersecurity Executive Order Would Be a Mistake

After Congress failed to pass cybersecurity legislation last summer, news emerged that the Obama administration was working on an executive order that would cover many of the failed bill’s goals.
 
Sen. Susan Collins, R-Maine, minority leader of the Senate Homeland Security and Governmental Affairs Committee, and co-sponsor of the failed Cybersecurity Act of 2012 bill, said Oct. 1 that a top down order would be a “mistake.”
 
“I understand and share the president’s frustration over the failure of Congress to act,” she said at a Woodrow Wilson Center panel on cybersecurity in Washington, D.C. “The executive order is a big mistake,” she added. She has asked President Obama not to pursue it.
 
Other senators, including the committee chairman, Joe Liebermann, I-Conn., who co-sponsored the bill with Collins, have urged the Obama administration to issue an executive order. Department of Homeland Security Secretary Janet Napolitano testified at a Senate hearing last month that the order was nearing completion.
 
The bill would have asked private sector companies that include critical infrastructures in their purview, such as utilities and banks, to share information about attacks on their networks. The bill originally would have made information sharing mandatory. It was changed to voluntary, but that was not enough to convince a single one of her Republican colleagues to change their “no” vote, Collins said.
 
A key provision in the bill is allowing these companies to share information without the threat of a lawsuit, she said. The executive order will not be able to provide liability protection, she said.
 
“It cannot grant the liability protections that are needed in order to encourage more participation by the private sector,” she said. “It simply cannot accomplish what legislation can.”
 
It does not reflect a consensus by Congress on what should be done, said Collins. She feared “that it could actually lull people into a false sense of security that we have taken care of cybersecurity.”
 
Anthony Romero, executive director of the American Civil Liberties Union, agreed that legislation is needed that can outlast the president. Any executive order that mandates the collection of data cross the federal government worries him.
“It’s not going to be President Obama forever,” he said. Executive orders have been done for good reasons in one administration and then used as a tool for bad actions in the next.
 
“It might come back to backfire on us, and it is just not going to solve the problem for a long-term issue,” he said.
 
Other panelists said the cyberthreat is real, it is growing worse, and the public has not really grasped the magnitude of the problem. Collins said she hoped that it wouldn’t take a “cyber 9/11” event to goad Congress to taking action after the fact.
 
Army Gen. Keith Alexander, commander of U.S. Cyber Command, said since adversaries will in all likelihood not be attacking the United States directly, they only have two ways to get at the homeland: Terrorism and cyber-intrusions.
 
He can see the progression from cybertheft, to disruptions such as denial of service attacks, to the possibility where real death and destruction along with wide-scale damage to the economy could occur. One way would be for an adversary to to take down electrical grids. “It is all within the realm of possibility,” he said.
 
“This is a big problem we have,” Alexander said. “We need to educate the American people, the government, Congress, everyone on that problem. We need a team approach and we need all of government to solve the problem, with industry, academia and our allies.”  
 
Collins added: “In all the years that I have been working on homeland security issues, I can’t think of another area where the threat is greater, and we have done less.”
Photo Credit: iStockphoto

Topics: Cyber, Cybersecurity