By Brendan Sasso - 10/08/12 08:04 PM EDT
Hayden said the administration believes comprehensive legislation is still needed. "Unfortunately, the current prospects for a comprehensive bill are limited, and the risk is too great for the administration not to act," she said.
Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, called the White House irresponsible last week for failing to reach out to Republican lawmakers and businesses about a cybersecurity order.
"Why you wouldn't want input from the outside on this stuff is beyond me," Rogers said. "And that tells me what kind of product you're going to get too, would be my guess."
Rogers is the author of the Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House in April. The measure would encourage companies and the government to share information with each other about cyberattacks. But the White House threatened to veto the bill over concerns that it would give spy agencies access to people's personal information.
The White House endorsed a separate Senate bill, the Cybersecurity Act, which included tougher privacy protections and would have set government security standards for critical infrastructure, such as gas pipelines and banks.
But Republicans blocked the Cybersecurity Act, arguing that the standards would burden businesses and do little to improve security.
Hayden confirmed that the potential executive order would set voluntary cybersecurity standards for critical infrastructure companies.
She said the standards should be developed in partnership between the government and industry.
"For decades, industry and government have worked together to protect the physical security of critical assets that reside in private hands, from airports and seaports to national broadcast systems and nuclear power plants," she said. "There is no reason we cannot work together in the same way to protect critical infrastructure cyber systems upon which so much of our economic well-being, national security, and daily lives depend."
Sen. Chuck Grassley (R-Iowa), who voted against the Cybersecurity Act and sponsored a competing GOP bill, said the meeting "made clear that cybersecurity is a complex topic that should be addressed by the legislative process, rather than by administrative fiat via an Executive Order."
"The executive branch does not have the legal authority to implement a comprehensive cybersecurity policy," he said. "Consequently, an Executive Order could potentially result in intrusive regulation, confusion, gaps in coverage, and uneven application of policy, thus causing more harm than good. The administration should work constructively with Congress to carefully craft legislation to improve our nation's cybersecurity."
—Updated at 5:34 p.m.