recommended reading

Former cybersecurity czar urges Obama to issue executive order to protect networks

White House photo

Absent congressional action on cybersecurity, President Obama should strongly consider issuing an executive order to help secure American computer networks from attack, a chief architect of the White House’s cybersecurity proposals told National Journal.

Former White House cybersecurity chief Howard Schmidt, who served in both the Obama and George W. Bush administrations, said on Thursday that an executive order could help update government network security as well as encourage businesses to secure their own systems.

“If there are things this Congress isn’t prepared to do, the president has a few options that he can move on,” he told National Journal in a phone interview.

The call for action mirrors statements by many other former and current officials, but Schmidt takes a more tempered view that has long set him apart from many of his colleagues.

Schmidt says he “has a hard time dealing with” claims that a “cyber 9/11” or “digital Pearl Harbor” could be just around the corner.

“As a veteran, it somehow does a disservice to those who have served to equate physical war with cyberwar,” he said.

Experts in government and industry alike have reported a tide of attacks aimed at stealing information from individuals, companies, and government agencies. Many top national-security officials, meanwhile, warn that a catastrophic attack on a critical system, such as those that run energy grids or chemical plants, could cause damage to the economy or even loss of life.

While serving in the White House, Schmidt was known for offering relatively low-key assessments of cyberthreats. And while he said he fully respects current officials, he advises them to temper their rhetoric.

“Using terms that make it a battlefield all the time doesn’t put cyberthreats in perspective and makes it difficult to have moderated conversation,” especially about business and economic threats, he added.

When asked what his first advice would be to whomever wins the presidential election in November, Schmidt said it would be to do more to fully substantiate the actual risk from cyberattacks.

Republican nominee Mitt Romney says he would order a review of cybersecurity issues during his first 100 days in office, and Obama is currently mulling what proposals could be included in a potential executive order.

Schmidt, who stepped down from the top cybersecurity post in May, said he and other officials discussed unilateral White House action as they prepared the administration’s legislative proposal, which was released last year and formed the blueprint for a Senate cybersecurity bill.

That Senate bill, however, remains bogged down in Congress, where Republicans argue it could establish a burdensome government regulatory system for private companies’ networks.

Although Schmidt said he is an “eternal optimist” who still hopes lawmakers can come together to act on cybersecurity, he isn’t holding his breath.

“Even though the flame hasn’t gone out, it’s pretty dim now,” he said. “With the election and everything else before the end of the year, I’d be really surprised if this gets the time it needs.”

Still, Schmidt noted that Obama could take steps to help secure networks without a bill from Congress. Among those potential changes are proposals that would increase information-sharing between government agencies as well as businesses and would help boost overall cybersecurity by making sure agencies adhere to security standards in their procurement and contracting processes.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.