Lieberman pushes for mandatory standards in White House cyber order

"Even though [the Cybersecurity Act], in the interest of finding compromise, did not contain new authority for existing regulators to require the implementation of cybersecurity standards, I have long believed that such requirements are reasonable and warranted in light of the urgent and grave nature of the threat," Lieberman wrote. "I urge you to explore any means at your disposal that would encourage regulators to make mandatory the standards developed by [DHS] pursuant to your executive order so we can guarantee that our most critical infrastructure will be defended against attacks from our adversaries."

Lieberman, the chairman of Senate Homeland Security and Governmental Affairs Committee, was one of the lead sponsors of a cybersecurity bill that was blocked by Senate Republicans in August. GOP senators and business lobbying groups, led by the U.S. Chamber of Commerce, argued that the provisions in the Cybersecurity Act opened the door for federal agencies to adopt burdensome new regulations for companies to follow.

Other co-sponsors of Lieberman's Cybersecurity Act, Sens. Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Calif.), sent letters to the president earlier this summer that urged him to issue an executive order aimed at boosting the nation's cybersecurity.

The president should also use his authority to strengthen information sharing measures that would make it easier for government and industry to relay data to one another about cyberthreats, Lieberman argued. However, the Senate Homeland Security chairman acknowledged that "(e)xecutive action cannot make all the changes necessary to facilitate the type of information sharing we urgently need – only new statutory authorization will be sufficient."

The Cybersecurity Act was Lieberman's chief legislative priority this year and had hoped the bill's passage would be the last chapter of his legacy in the Senate before he retires at the end of the session.

Lieberman said his preference is for Congress to pass legislation, but voiced skepticism that this could be accomplished by the end of the session.

"Though it is hard to be optimistic about the prospects of passing legislation in the lame-duck session, I continue to work with my colleagues to find a bipartisan and bicameral compromise," he said.

The White House is currently drafting an executive order on cybersecurity that builds off a provision in the Cybersecurity Act. It would create a voluntary program in which companies operating key infrastructure would elect to meet a set of security standards developed, in part, by DHS.

When testifying before Lieberman's committee last week, Homeland Security Secretary Janet Napolitano said the draft cyber order was "close to completion" and there were a few issues that still needed to be resolved "at the highest levels." 

For its part, the White House has kept mum on what's included in the draft order and the timing on when it could be issued. During the White House press briefing on Monday, Press Secretary Jay Carney said President Obama "takes the issue of cybersecurity very seriously" and hoped that Congress would have passed legislation on it. He declined to comment further on next steps.