Politics of Cyber Security
Just before the August recess, efforts to pass cyber security legislation stalled in Congress. Considering the bills under consideration were counterproductive (House critique / Senate critique), the lack of movement is welcome.
But as President Obama frequently reminds us, he cannot wait. According to National Journal, the Obama administration “is weighing the pros and cons of using an executive order to do what Congress hasn’t.” There are, of course, political and policy implications for issuing an executive order:
An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.
But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.
Clearly, this would be little more than a political message. And as Heritage explains, the best approach is a private sector approach:
Congress should reject any effort to create a new regulatory system for cybersecurity. Furthermore, it should strengthen protections for private-sector actors in order to authorize and incentivize the sharing of cyber threat and vulnerability information.
With kids heading back to school and the conventions just around the corner, it is easy to be distracted. But we must remember that Washington never sleeps and unelected bureaucrats are always plotting. Vigilance is the word, especially on something as wide ranging as cyber security.