At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”
Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”
Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using an executive order to do what Congress hasn’t.
Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.
Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.
But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.
In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.
Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.
Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.
“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”
While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.
Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.
Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney's plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.
Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.
Separate surveys published by United Technologies/National Journal and The Washington Post over the summer found that a majority of Americans prefer that the government either not create standards for private companies, or keep any standards voluntary.