The White House is poised to release an executive order aimed at thwarting cyberattacks against critical infrastructure on Wednesday, two people familiar with the matter told The Hill.
The highly anticipated directive from President Obama is expected to be released at a briefing Wednesday morning at the U.S. Department of Commerce, where senior administration officials will provide an update about cybersecurity policy.
The executive order would establish a voluntary program in which companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government.
Observers are expecting the president to briefly mention the need for the country to improve its defenses against cyberattacks during his State of the Union address on Tuesday.
White House press secretary Jay Carney declined Monday to say whether the president would discuss cybersecurity during his Tuesday address to Congress, saying the president believes that it’s
“a very important issue.”
“It represents a huge challenge for our country. He has called on Congress to take action. Unfortunately, Congress has thus far refused legislatively,” Carney said at a press briefing with reporters. “But I don’t have any previews to provide.”
During last year’s address, the president made a brief mention about the cybersecurity legislative blueprint that his administration put forward in May 2011.
The White House began crafting the executive order after Congress failed to pass cybersecurity legislation last year. Officials said the threat facing the United States was too great for the administration to ignore and that it needed to take action as Congress grappled with passing a bill.
During his second term, the president is expected to exert his executive power on issues such as climate change, and it appears that cybersecurity is also on that list.
Yet administration officials have also stressed that the executive order is not a substitute for cybersecurity legislation, which is needed to protect the country’s water plants, electric grid and other critical infrastructure from cyberattacks.
They note that an executive order cannot, unlike congressional legislation, grant new powers or authorities to federal agencies or departments.
“We need comprehensive cybersecurity legislation,” Andy Ozment, a senior director for cybersecurity at the White House, said at a conference in Washington last week. “We cannot do everything under our existing authorities.”
White House Cybersecurity Coordinator Michael Daniel, Commerce Department Deputy Secretary Rebecca Blank, Department of Homeland Security Deputy Secretary Jane Lute and National Security Director Gen. Keith Alexander will be among the officials participating in Wednesday’s briefing, according to details obtained by The Hill.
A White House spokeswoman declined to comment on the timing of the executive order.
