Homeland Security Secretary Janet Napolitano on Wednesday said the cybersecurity executive order that the White House is drafting is "close to completion."
At a Senate Homeland Security and Governmental Affairs Committee hearing, Napolitano said the executive order is "still being drafted in the inter-agency process" and "is close to completion depending on a few issues that need to be resolved at the highest levels."
She said the draft order still needs to be reviewed by President Obama.
The White House began to explore an executive order last month after Senate Republicans blocked a sweeping cybersecurity bill from Sen. Joe Lieberman (I-Conn.). The executive order aims to encourage critical infrastructure operators to beef up the security measures they use to protect their computer systems and networks from hackers.
The draft has been circulated to relevant agency officials over the past month for feedback, as The Hill first reported.
The voluntary program in the draft order is based on a measure in Lieberman's bill that drew opposition from GOP senators and business lobbying groups, chiefly the U.S. Chamber of Commerce. Critics argued that the program would serve as a backdoor for regulatory agencies to force companies to meet new security standards.
Napolitano again urged Congress to enact comprehensive cybersecurity legislation, arguing the White House cannot completely address the threat on its own. She noted that DHS is limited in the number of trained cyber personnel it can hire, which cannot be addressed by an executive order.
An order from the president also can't offer liability protections to companies, which protect them from legal action if they are hit by a cyberattack. Napolitano said liability protections are "often viewed as mechanisms to foster timely and effective information sharing" about cyber threats between government and industry.
Lieberman, the chairman of the Senate Homeland Security Committee, said he was encouraged to hear that the administration was close to wrapping up work on the draft order. He said the White House should move forward on implementing the executive order and not wait to see if Congress passes cybersecurity legislation during the lame-duck session after the election.
- This story was last updated at 4:45 p.m.