Former White House cybersecurity policy coordinator Howard Schmidt said the proposed order would also ask DHS to confer with independent agencies, such as electric regulators and others that don’t answer to the president, to see who would take responsibility on cybersecurity.
The hope, said Schmidt, who has seen a recent draft, is that if those agencies won’t let DHS act they would do it themselves, as the Securities and Exchange Commission did in October when it issued guidance on when companies should disclose cyber attacks.
The Commerce Department and the Pentagon declined to comment. Spokespeople for Lieberman and for Senator John Rockefeller, another Democratic leader on the issue who has asked for an executive order, said their offices had not been given copies of the draft.
Cybersecurity has become a major issue in Congress and for the White House, with intelligence officials warning of constant exploration of protected computer systems by hackers and both past incursions and the likelihood of more damaging future attacks on electric plants, banks and stock exchanges.
As of two weeks ago, the planned order did not include any penalties for companies that fail to adhere to the standards. or rewards for those who do. “There are no carrots or sticks,” one person with a recent copy said.
If the order emerges before the election in November, it could become an issue in the campaign. Leading Republicans faulted the Lieberman bill as too onerous. The U.S. Chamber of Commerce, which also criticized that bill, declined to comment on Monday on the merits of a prospective order.
But Lieberman said his bill had been watered down in pursuit of a compromise and asked in his letter Monday that Obama explore means for making the standards mandatory.