Posted 2 years ago on Sept. 24, 2012, 11:43 p.m. EST by richardkentgates
This content is user submitted and not an official statement
SAN FRANCISCO (Reuters) - The White House is preparing to direct federal agencies to develop voluntary cybersecurity guidelines for owners of power, water and other critical infrastructure facilities, according to people who said they had seen recent drafts of an executive order.
The prospective order would give the agencies 90 days to propose new regulations and create a new cybersecurity council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce, a former government cyber-security official told Reuters.
"It tells those who have the ability to regulate to go forth and do so," said the person, who is currently outside the government and spoke on condition of anonymity in order to preserve access to government officials.
The draft executive order includes elements of what had been the leading cybersecurity overhaul bill in the Senate, which was defeated this summer amid opposition from industries opposed to increased regulation.
Senate Homeland Security Committee Chairman Joe Lieberman, an independent and one of the principal authors of that bill, on Monday urged the White House to issue such an order.
"The Department of Homeland Security has clear authority, if directed by you, to conduct risk assessments of critical infrastructure, identify those systems or assets that are most vulnerable to cyber attack and issue voluntary standards for those critical systems or assets to maintain adequate cybersecurity," Lieberman wrote to President Barack Obama.
The document has been circulating among the agencies and might go to top officials for their comments as soon as this week, another person involved in the process said.
A spokeswoman for the administration's National Security Council, Caitlin Hayden, confirmed that an order was being considered but would not provide details. "We're not commenting on the elements," Hayden said.
Former White House cybersecurity policy coordinator Howard Schmidt said the proposed order would also ask DHS to confer with independent agencies, such as electric regulators and others that don't answer to the president, to see who would take responsibility on cybersecurity.
The hope, said Schmidt, who has seen a recent draft, is that if those agencies won't let DHS act they would do it themselves, as the Securities and Exchange Commission did in October when it issued guidance on when companies should disclose cyber attacks.
The Commerce Department and the Pentagon declined to comment. Spokespeople for Lieberman and for Senator John Rockefeller, another Democratic leader on the issue who has asked for an executive order, said their offices had not been given copies of the draft.
Cybersecurity has become a major issue in Congress and for the White House, with intelligence officials warning of constant exploration of protected computer systems by hackers and both past incursions and the likelihood of more damaging future attacks on electric plants, banks and stock exchanges.
As of two weeks ago, the planned order did not include any penalties for companies that fail to adhere to the standards. or rewards for those who do. "There are no carrots or sticks," one person with a recent copy said.
If the order emerges before the election in November, it could become an issue in the campaign. Leading Republicans faulted the Lieberman bill as too onerous. The U.S. Chamber of Commerce, which also criticized that bill, declined to comment on Monday on the merits of a prospective order.
But Lieberman said his bill had been watered down in pursuit of a compromise and asked in his letter Monday that Obama explore means for making the standards mandatory.
Both Lieberman and administration officials have said they will still seek legislation, which could go further in many ways. It might, for example, provide liability protection for companies that share information with government officials or that meet the standards but still get hacked.
I'm not interested in the police state argument here although it does apply as it's DHS that is being charged with managing the regulation so this EO goes far beyond a typical add-on of a simple bureaucratic office. This EO does however, in addition to the police state argument, adds regulations that stifle small up-starts and the self employed.
The article states that initially there will be no fines or fees for non-compliance but we've seen this slippery slope before and when the fees do materialize, the hype will be gone and businesses will silently pay the cost. Those that cannot will give way to large corporations that can, furthering the corporate takeover of the internet in this case. Could Mark Zuckerberg have created facebook with thousands of dollars worth of fees and lawyer costs to even understand his legal liability for his social network? The answer is no, there would be no facebook and probably no myspace or twitter.
It's pretty well understood on this forum that I'm what the 1% call the little people, aka poor. This is my golden ticket http://mcms.richardkentgates.com Just finished it a few days ago. I started work on it shortly after I found this forum almost a year ago. This EO and any of the proposed legislation to do with cyber security that has thus far been offered, is a threat to the success of my social mobility because of red-tape roadblocks and potential fees and/or additional operating costs. I cook for a living, I just ain't got the extra money.
It is also in this example where you can see both Republicans and Democrats as creating potential problems and solutions for me on this issue.