Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.
“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”
That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.
An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.
But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.
And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.
“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”
Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks.