The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.  

The draft proposal, which has been sent to relevant federal agencies for feedback, is a clear sign that the administration is resolved to take action on cybersecurity even as Congress remains gridlocked on legislation that would address the threat.

The draft executive order would establish a voluntary program where companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government, according to two people familiar with the document.

The concept builds off of a section in the cybersecurity bill from Sen. Joe Lieberman (I-Conn.) that was blocked last month by Senate Republicans, who called it a backdoor to new regulations. 

The draft has undergone multiple revisions and is brief, spanning no more than five pages. It is still being worked on and is subject to change, the people familiar with the draft stressed. 

It's also unclear whether the final product will get the president's approval to move forward.

A new draft of the executive order is expected to be shared with agencies next week. 

White House counterterrorism adviser John Brennan first floated the idea of an executive order in a speech a few days after the Senate bill failed. He said the White House would consider taking action on the executive level to ensure key infrastructure such as the power grid, water supply and transportation networks are secure.

The momentum for cybersecurity legislation in Congress weakened after Lieberman's bill failed to clear the Senate. Now industry groups and Congress are watching the White House for clues about what might be included in a executive order on cybersecurity. 

A spokeswoman for the White House declined to comment on whether a draft for a executive order was being circulated, but said it is one of the options the administration is weighing.

"An executive order is one of a number of measures we’re considering as we look to implement the president’s direction to do absolutely everything we can to better protect our nation against today’s cyberthreats," said White House spokeswoman Caitlin Hayden. "We are not going to comment on ongoing internal deliberations.”

Sponsors of Lieberman's bill have urged the White House to issue an executive order to put measures in place that ensure key infrastructure is better protected from cyberattacks. Sens. Jay Rockefeller (D-W.Va.) and Dianne Feinstein(D-Calif.) both sent letters to the White House last month that urged the president to take action. 

According to the people familiar with the draft, the executive order would set up an inter-agency council that would be led by the Department of Homeland Security (DHS). Members of the council would include the Department of Defense and the Commerce Department, and discussions are ongoing about including other agencies and officials, such as representatives from the Department of Energy and Treasury Department, as well as the attorney general and the director of national intelligence. 

DHS would be responsible for the overall management of the program, but the Commerce Department's National Institute of Standards and Technology (NIST) would work with industry to help craft the framework for it. The agency would work with the private sector to develop cybersecurity guidelines and best practices.

DHS would receive the guidance from NIST and work with so-called sector coordinating councils to identify which industry sectors would be considered critical infrastructure, as well as determine what cybersecurity best practices and standards the industry participants in the voluntary program would follow. 

Those coordinating councils are already in place, and fall under an arm of DHS that manages critical infrastructure protection. The councils are run and organized by industry members from each sector, such as financial services and electricity. 

MORE