Cybersecurity executive order should clearly exclude some sectors, says Lofgren


Calls from Congress for President Obama to issue an executive order on private sector cybersecurity are being tempered with appeals that it clearly exclude some business sectors.

Homeland Security Secretary Janet Napolitano told a Sept. 19 Senate panel that such an order "is close to completion." Sen. Joe Lieberman (I-Conn.), chair of the committee Napolitano appeared before, issued Sept. 24 a letter urging Obama to explore "any means at your disposal that would encourage regulators to make mandatory" cybersecurity standards on operators of critical infrastructure.

Lieberman-sponsored legislation that stalled earlier this year would have had critical infrastructure coordination councils propose voluntary cybersecurity practices, although opponents charged the bill would de facto make the practices mandatory.

The language regarding voluntary adoption was made "in the interest of finding compromise," Lieberman states in his Sept. 24 letter. Existing regulatory authorities could permit the issuance of mandatory practices, Lieberman states, an assertion also made by Napolitano during her Sept. 19 testimony.

However, Rep. Zoe Lofgren (D-Calif.) in a Sept. 20 letter (.pdf) says the administration should be careful to "focus any such executive order on genuinely critical infrastructure."

Internet companies that provide social networking, search engines and e-commerce networks should be clearly excluded, Lofgren states. Imposing standards on firms that provide those services could have a negative impact on free expression and privacy, as well as add to business operating costs and decrease innovation, she adds. Regulating those industries would also "divert attention away from actions that are central to the functioning of American society and public safety."

For more:
- read Lieberman's Sept. 24 letter
- download Lofgren's Sept. 20 letter (.pdf)

Related Articles:
Cybersecurity executive order nearly complete, Napolitano says
Feinstein urges White House to issue executive order on cybersecurity
Cybersecurity bill won't advance in Senate
FERC official decries lack of mandatory power for emergencies