Presidential cybersecurity executive order expected Wednesday

The executive order is expected to be announced after Tuesday’s State of the Union address to Congress, and implies a lack of confidence that CISPA will succeed – although Obama himself criticized and threatened to veto CISPA last year. By taking the executive order route he can bypass Congress and, to a degree at least, get what he wants – which, confusingly, seems to be largely what CISPA seeks.

The constitutional validity of executive orders has long been questioned. They are designed to help government manage government, and have the full force of law within the executive branch. Their strength outside of federal agencies is less clear, and it is noticeable that the proposed cybersecurity order is expected to direct federal agencies, and encourage business. However, once federal agencies behave in a particular way, business is likely to follow; and future legislation becomes easier. “I think this can fairly be described as a down payment on legislation,” said Stewart Baker, former National Security Agency general counsel, according to Reuters.

The two primary functions of the order are the implementation of required security standards and improved data sharing. “The order directs federal agencies to consider incorporating the cybersecurity standards into existing regulations,” reports Bloomberg. “It directs the government to share more information about computer threats with the private sector and issue more security clearances allowing industry representatives to receive classified information.”

“Our biggest issue right now is getting the private sector to a comfort level so they can report anomalies, malware, incidents within their network” without undue fear of being ‘outed’ as victims, said FBI Executive Assistant Director Richard McFeely, head of the Criminal, Cyber, Response and Services Branch.

The Department of Homeland Security (DHS) is expected to be given the lead role by the order, further increasing its authority and powers. It is expected to be tasked with setting up the process for sharing threat information between government and industry, and for protecting critical infrastructure. DHS already has frequent clashes with civil liberties groups. On Friday the ACLU announced that it issued an FoI request for the full DHS “Civil Rights and Civil Liberties Impact Assessment – Border Searches of Electronic Devices” after the agency released a 2 page summary.

ACLU is warning that DHS agents will consider that the US border extends 100 miles inland. The point at issue is that Fourth Amendment rights do not apply at the border – allowing agents to seize electronic devices such as phones, tablets and laptops at will and without warrant. Approximately two-thirds of the entire population live within 100 miles of the border.

What’s Hot on Infosecurity Magazine?