President Obama makes key compromise in cybersecurity executive order

The latest draft of the president's executive order creates provisions that distinguish between critical infrastructure and private networks. 


Kevin Collier


Published Oct 22, 2012   Updated Jun 2, 2021, 9:01 am CDT

A new draft of President Obama’s widely criticized executive order on cybersecurity might appease both hardliners who want the government to be able to freely access networks under hacker attack and privacy advocates who say there’s no excuse to allow government agencies to see their private information.

The executive order, which is based on the Cybersecurity Act of 2012 (CSA)—Obama’s preferred cybersecurity bill, which failed in the Senate in August—has been targeted for many reasons, particularly by Republicans in Congress who find it weak. Some worry that Obama would issue a unilateral order on an issue Congress can’t agree on; others argue that it would force companies to adopt better cybersecurity, an undue financial strain. The most oft-repeated argument, though, is that the U.S. can only be truly safe if its networks can freely share information with government agencies like the Department of Homeland Security and NSA. In other words, they’re only happy with an order that’s essentially the same as the Cyber Intelligence Security Protection Act (CISPA), which passed the House in April.

Privacy advocates, on the other hand, are fearful of the executive order for the exact opposite reason—that it would resemble CISPA. They don’t want Department of Homeland Security (or the NSA or the FBI) to have extended powers to snoop through networks, so much so that many celebrated the defeat of the Cybersecurity Act, even with CISPA looming.

However, a new draft of the executive order, obtained by the Associated Press and released Saturday, indicates that Obama is now willing to make the exact concession that Senator Ron Wyden has called for: to use CISPA-like provisions for networks related to critical infrastructure (like power grids and railroads) and to leave private networks (like Google, and all social media) alone.

The draft puts the Department of Homeland Security in charge of identifying which systems could, if hit by cyberattack, “reasonably result in a debilitating impact” on the country.

The White House is still mum on when Obama will actually sign the order, even though Homeland Security Secretary Janet Napolitano said it was “close to completion” in September. Regardless of when—or if—the order goes through, it won’t be the last of this debate: CISPA is still awaiting a Senate vote; John McCain (R-Ariz.) has proposed a Senate version of CISPA called the Secure IT Act, and Senate Majority Leader Harry Reid (D-Nev.) announced in October he planned to introduce his own cybersecurity bill.

Photo via Wikimedia Commons

Share this article
*First Published: Oct 22, 2012, 12:47 pm CDT