Former cybersecurity czar urges Obama to issue executive order to protect networks

Absent congressional action on cybersecurity, President Obama should strongly consider issuing an executive order to help secure American computer networks from attack, a chief architect of the White House’s cybersecurity proposals told National Journal.

Former White House cybersecurity chief Howard Schmidt, who served in both the Obama and George W. Bush administrations, said on Thursday that an executive order could help update government network security as well as encourage businesses to secure their own systems.

“If there are things this Congress isn’t prepared to do, the president has a few options that he can move on,” he told National Journal in a phone interview.

The call for action mirrors statements by many other former and current officials, but Schmidt takes a more tempered view that has long set him apart from many of his colleagues.

Schmidt says he “has a hard time dealing with” claims that a “cyber 9/11” or “digital Pearl Harbor” could be just around the corner.

“As a veteran, it somehow does a disservice to those who have served to equate physical war with cyberwar,” he said.

Experts in government and industry alike have reported a tide of attacks aimed at stealing information from individuals, companies, and government agencies. Many top national-security officials, meanwhile, warn that a catastrophic attack on a critical system, such as those that run energy grids or chemical plants, could cause damage to the economy or even loss of life.

While serving in the White House, Schmidt was known for offering relatively low-key assessments of cyberthreats. And while he said he fully respects current officials, he advises them to temper their rhetoric.

“Using terms that make it a battlefield all the time doesn’t put cyberthreats in perspective and makes it difficult to have moderated conversation,” especially about business and economic threats, he added.

When asked what his first advice would be to whomever wins the presidential election in November, Schmidt said it would be to do more to fully substantiate the actual risk from cyberattacks.

Republican nominee Mitt Romney says he would order a review of cybersecurity issues during his first 100 days in office, and Obama is currently mulling what proposals could be included in a potential executive order.

Schmidt, who stepped down from the top cybersecurity post in May, said he and other officials discussed unilateral White House action as they prepared the administration’s legislative proposal, which was released last year and formed the blueprint for a Senate cybersecurity bill.

That Senate bill, however, remains bogged down in Congress, where Republicans argue it could establish a burdensome government regulatory system for private companies’ networks.

Although Schmidt said he is an “eternal optimist” who still hopes lawmakers can come together to act on cybersecurity, he isn’t holding his breath.

“Even though the flame hasn’t gone out, it’s pretty dim now,” he said. “With the election and everything else before the end of the year, I’d be really surprised if this gets the time it needs.”

Still, Schmidt noted that Obama could take steps to help secure networks without a bill from Congress. Among those potential changes are proposals that would increase information-sharing between government agencies as well as businesses and would help boost overall cybersecurity by making sure agencies adhere to security standards in their procurement and contracting processes.