Administration warns cybersecurity order not enough, urges Congress to act

By Brendan Sasso - 02/13/13 01:18 PM ET

Administration officials said on Wednesday that despite a new cybersecurity executive order, Congress must still enact legislation to better protect the nation's critical computer systems from hackers.

"This executive order is only a downpayment on what we need to address this threat," National Security Agency Director Keith Alexander said during an event at the Commerce Department to discuss the administration's action. "This executive order can only move us so far and is not a substitute for legislation."

He emphasized that, unlike legislation, the order cannot grant agencies any new powers or authorities..

Ahead of the State of the Union address on Tuesday night, President Obama signed an executive order that will create a voluntary set of cybersecurity best-practices for companies that operate critical infrastructure, like banks or power plants.

The order also requires federal agencies to share more information with the public about cyber threats to U.S. companies and the public.

The vulnerability of computer systems has gained more attention over the past year after hackers attacked major U.S. newspapers and the websites of U.S banks and federal agencies.

At Wednesday's event, White House Cybersecurity Coordinator Michael Daniel explained that the administration must still work with lawmakers and industry groups to craft and implement the security standards.

"The hard work is actually ahead of us in implementing the [executive order] and making it reality," he said.

Dr. Patrick Gallagher, director of the National Institute of Standards and Technology, said his agency will take the first step toward implementing the order by issuing a request for input from the public.

He emphasized that the standards are voluntary and are aimed at helping companies better protect their systems.

Deputy Attorney General James Cole argued that the executive order includes important safeguards to ensure that companies do not expose their customers' personal information to the government.

"This Order sets the direction for responsible, effective cybersecurity standards and information sharing, while preserving individual privacy and civil liberties and ensuring transparency and accountability to the American public we seek to protect," Cole said

The House passed the Cyber Intelligence Sharing and Protect Act last year, but the White House threatened to veto the measure, citing privacy concerns and the bill's lack of cybersecurity standards for critical infrastructure. The bill's sponsors plan to reintroduce the legislation on Wednesday.

Senate Republicans blocked the administration's preferred cybersecurity bill last year.

Senate Majority Leader Harry Reid (D-Nev.) applauded the executive order in a statement on Wednesday, but he acknowledged the action is not a substitute for legislation.

"Until Congress acts, President Obama will be fighting to defend this country with one hand tied behind his back," Reid said, adding that he is eager to work with lawmakers to enact legislation as soon as possible.