GOP Reps Urge Obama Not to Issue Executive Order46 House Republicans Sign Letter Opposing 'Top-Down' Standards
A letter signed by 46 Republican members of the House of Representatives, dated Dec. 21, cautions President Obama from issuing an executive order on cybersecurity.
That order, which could be issued in the coming weeks, would establish a process in which the federal government and industry develop security standards that the mostly private owners of the nation's critical IT infrastructure could voluntarily adopt.
The letter - written by Reps. Marsha Blackburn, R-Tenn., and Steve Scalise, R-La., and signed by 44 of their colleagues - says the executive order would issue top-down standards in such a non-transparent fashion and set a dangerous precedent.
"Imposing a backdoor regulatory framework through executive order will not solve our cybersecurity challenges," the letter states. "We urge you to find common ground and work with Congress on real solutions."
The Obama administration began drafting an executive order last summer when the Senate failed to adopt the Cybersecurity Act of 2012 because of a Republican-led filibuster [see Senate, Again, Fails to Halt Filibuster]. The order, if issued, is expected to adopt some of the provisions in the failed bill that do not require enactment of a new law [see Exec Order Could Ease Cybersecurity Bill Passage].
The chief sponsors of the Cybersecurity Act, except for Republican Sen. Susan Collins of Maine, have urged the president to issue the executive order.
House Cybersecurity Caucus Co-Chair Jim Langevin, D-R.I., supported the Senate bill and voted for a Republican version of cybersecurity earlier this year, and he's among lawmakers calling for issuance of an executive order to address what he perceives as weaknesses in the nation's critical infrastructure, including IT security standards.
Still, Langevin says, "we must recognize that unilateral action will fall short of what legislation could accomplish to secure our most vulnerable and valuable private and public networks."
When the Cybersecurity Act was first introduced, it called for federal government regulation of critical IT infrastructure, such as financial systems and energy distribution networks. But when Republican legislators vehemently objected to the regulation, the bill's sponsors rewrote those provisions to provide for the joint government-industry creation of IT security best practices, thinking that would be a compromise the GOP could accept.
Yet, nearly all Republican lawmakers in both chambers who expressed an opinion on the matter even objected to voluntary IT standards, which they contend could be the beginning of a slippery slope toward regulation, which they believe would be ineffective and stifle innovation.
"Beyond the bad policy of putting government in charge of setting standards, issuing an executive order is also bad process," Blackburn says in a statement accompanying the letter. "We're asking the White House to work with us instead of forcing their top-down regulations in such a non-transparent fashion."
The executive order also is expected to establish mechanisms for the government and business to share information about cyberthreats. What an executive order can't do is to provide liability protections to businesses that share information; that can only be done through legislation.