In the past couple of years, a wide variety of computer viruses and other malware have allegedly been used by one nation against another. This secretive form of warfare even briefly plastered names like Stuxnet, Duqu, Flame, and Gauss across the front pages. In partial response to the threat posed to U.S. interests by hostile foreign countries and/or individuals, different cybersecurity bills are percolating through the halls of Congress, including the SECURE IT Act of 2012, the Cybersecurity Act of 2012, and others.
No one can dispute the very real danger posed by cybersecurity threats and the potentially disastrous results if they are unleashed upon a country or upon an industrial or financial system. In a recent Wall Street Journal op-ed, President Obama wrote that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” The president also stated that “foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day.”
President Obama then pushed for the passage of the Cybersecurity Act of 2012, which would require the sharing of information between the private and public sector, develop cybersecurity standards, and other protections. In support of that bill, President Obama wrote that “Congress must pass comprehensive cybersecurity legislation” and that “We all know what needs to happen.”
However, in early August the U.S. Senate rejected cybersecurity legislation, with Republican members concerned that the bill would impose burdensome obligations on businesses.
The president has indicated that he is considering imposing the same cybersecurity measures by executive order.
“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed,” Presidential press secretary Jay Carney said.
This possibility does concern us.
Although computer malware poses a real and credible danger to U.S. interests, we also need to discuss how cybersecurity is going to be achieved. The use of an executive order to bypass the legislative process is of questionable constitutionality because it may violate the separation of powers mandated by the Constitution.
A step that creates such an extensive public-private partnership and involves the government so much in private decisions to provide security at least deserves approval after full discussion by a majority of both houses of Congress. We hardly think that the threat has risen to the level of “war” that would permit the president to engage in unilateral emergency actions to protect national security.
As the tech editor of the Daily Caller wrote recently: “The failed cyber security bill, which could be revived by Sen. Majority Leader Harry Reid when the Senate comes back from recess in September, would have given federal agencies in charge of regulating critical infrastructure industries like power companies and utilities the ability to mandate cybersecurity recommendations … An executive order would be another action from the Obama administration to extend executive branch authority over a largely free and open Internet.”