What’s currently being done?
The Cybersecurity Act of 2012, that was defeated in the Senate in August, provides strengthened protection against cyber attacks in the federal government and in private, critical infrastructure systems. The bill would allow the government and private enterprises the ability to share information about threats more easily. In the absence of legislation, the Obama administration has indicated that it is prepared to move forward with an Executive Order that addresses key issues.
Is the legislation dead?
Not exactly. While the Cybersecurity Act of 2012, which is a bipartisan bill supported by a majority of Senators, did not survive a procedural vote in August, Senate Majority Leader Harry Reid (D-NV) has stated that the bill will be revisited after the November elections. Secretary of Defense Leon Panetta and General David Alexander, head of U.S. Cyber Command have both urged congressional action on cybersecurity after the election.
What’s the difference between the potential Executive Order and legislation?
The Executive Order would set policy under current law in regards to cybersecurity standards on critical infrastructure. The Executive Order cannot provide liability protection. A cybersecurity bill that passed the House in April and the Senate Cybersecurity Act both provided liability protection for private entities that shared information regarding cyber threats with the Administration. Without the incentive of liability protection, an Executive Order cannot be as effective as legislation.