Congress appears gridlocked on a cybersecurity bill to protect power grids and other critical infrastructure, so President Obama is considering an executive order.
With Congress apparently deadlocked on cybersecurity legislation, the Obama administration is actively weighing an executive order that would give federal agencies authority to begin protecting computer networks that control the nation's critical infrastructure – such as power grids, refineries, and water facilities – against cyberattack.
An executive order could not be as sweeping as congressional legislation, but top Democrats are increasingly urging President Obama to take whatever action he can, sensing that compromise on a bill currently in the Senate looks unlikely in the near term.
The order could help the Department of Homeland Security (DHS) better protect federal networks, as well as establish a system of information sharing on potential threats among federal government agencies and private companies. But the participation of private companies would be voluntary, and many might be loath to submit their networks to testing by DHS without the promise of protection from financial liability in the event of a devastating cyberattack – something possible only in a congressional bill.
Indeed, an executive order would involve complications, sources say.
"They're meeting on this right now, thinking about what would actually be included in such an order," says one source familiar with the meetings, but who spoke with the Monitor only on condition of anonymity.
"One obstacle is that DHS wants more authority than it has, but since there's limited authority in the law for DHS – and [Obama] can't just make it up," the source adds. "Still, there are voluntary measures and incentives that could be implemented."