Policy Documents

Cyber Security Internet And Technology Regulation

Paul Rosenzweig –
November 15, 2012

The Administration has now released a draft executive order (EO) on cybersecurity, and with President Obama’s recent re-election, the likelihood that the EO will be issued has only increased. Furthermore, Senate majority leader Harry Reid (D–NV) has promised to bring the similarly flawed Cybersecurity Act of 2012 up for another vote.

When the EO is issued, it is likely to be a significant step—and probably in the wrong direction. Republicans and Democrats in both the Senate and the House of Representatives rejected a regulatory approach to cybersecurity, but the new EO pushes a “voluntary” standard-setting model backed by existing regulatory authority, comparable to the Cybersecurity Act of 2012.

While the scope of the existing regulatory authority is ambiguous, the Administration has signaled its intention to push as far as existing rules allow—and perhaps further. Who, after all, will sue to stop the government from protecting against cyber threats? Backed by the threat of regulation and promises of further incentives and a federal procurement preference, this order will likely be very significant and very costly while not providing important cybersecurity solutions, such as effective information sharing.