“An executive order is one of a number of measures we’re considering as we look to implement the president’s direction to do absolutely everything we can to better protect our nation against today’s cyberthreats,” White House spokeswoman Caitlin Hayden told Bloomberg Business Week in an e-mailed statement over the weekend; adding, “We are not going to comment on ongoing internal deliberations.”
If the White House follows through, this would not be the first time Obama has used an executive order to get around Congress. When the DREAM Act (giving legal status to students that had originally arrived in the country illegally) was rejected, Obama simply bypassed it by issuing instructions to stop deporting those who would have been protected by the act. In all, Obama has issued more than 100 executive orders.
Now many of the core requirements of the Cybersecurity Act could be imposed upon government agencies without the need for primary legislation. The hope will be that where the agencies lead, private business will follow voluntarily. The Office of Management and Budget is already working on security standards for federal computer systems and such guidelines could form the basis of standards for the private sector. Separately, the FCC has established a voluntary system for companies to share information about cyber threats with each other.
It is expected that the DHS will be the pivot of any executive order, but it is unclear how much actual authority it can be given. One suggestion is that Obama will seek to implement the greater part of the rejected Cybersecurity Act by issuing both an executive order and a presidential decision directive (PDD). PDDs are issued with the advice and consent of the National Security Council. They carry the legal weight of an executive order but are often secret or classified.
If Obama proceeds with this plan it will undoubtedly lead to criticism. His use of executive orders has already been denounced as ‘illegal power-grabs’. In this instance, Senator Susan Collins (R-Maine) – who with Senator Lieberman (I-Conn.) – introduced the initial Cybersecurity Act, said, “I'm not for doing by executive order what should be done by legislation.”