recommended reading

White House weighs executive order on cybersecurity

White House photo

A week after cybersecurity legislation stalled in the Senate, a senior Obama administration official said on Wednesday that the White House is weighing an executive order to help bolster the nation’s critical infrastructure from cyberattacks.

Following a speech at the Council on Foreign Relations, John Brennan, the White House homeland security and counterterrorism adviser, said the president has urged officials to continue to look for ways to use existing authority to bolster the nation’s cyberdefenses. His comments came a week after the Senate blocked cybersecurity legislation aimed at enhancing protection of the nation’s critical infrastructure from cyberattack. 

“If the Congress is not going to act on something like this, then the president wants to make sure we’re doing everything possible,” Brennan said. “President Obama has told us after the Collins-Lieberman bill didn’t go forward to keep at it and keep pushing, and we are going to keep pushing on the Congress, but also we’re going to do what we can under executive-branch authorities.”

He did not say what actions the White House is considering, but former Homeland Security Department official Stewart Baker, a partner at Steptoe and Johnson, said that some of what was included in the Senate bill aimed at protecting the nation’s power grid, transportation systems, and other critical infrastructure could be addressed using existing authority.

“By the time the Senate was done giving things away to the [U.S. Chamber of Commerce] and the privacy lobbies, [the bill wasn’t] doing too much more than we could do with existing authority,” Baker said in an interview on Wednesday.

At least one lawmaker has called on the White House to act on its own given the inability of Congress so far to pass cybersecurity legislation. Rep. Edward Markey, D-Mass., wrote Obama on Wednesday calling on him to issue an executive order that would ensure utilities take necessary steps to protect the nation’s power grid from cyberattack.

“We should not wait for a crippling terrorist attack on our grid before we act,” Markey wrote. “If congressional Republicans insist on fully entrusting the safety of our grid to a utility industry that is ill-equipped to adequately and uniformly respond to threats and vulnerabilities that are of paramount importance to national security, then you can and must take action to mitigate these threats and vulnerabilities to the extent possible by executive order.”

The nation’s power grid is already under strain from the heat wave gripping most of the country but utilities and other critical infrastructure also are a prime target of hackers, Markey and Brennan both noted.

“The critical infrastructure of this country is under threat,” Brennan said. “We have to improve our defenses on this issue.”

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.