In anticipation of the expected cybersecurity executive order to soon be released by the White House, Members of Congress are now weighing in on what it should encompass.
Representative Zoe Lofgren of California said Monday that social networks, search engines and e-commerce networks should be exempt from any security standards included in the executive order.
On the other side of the fence, Senator Joseph Lieberman, the author of the failed cybersecurity bill which the executive order is expected to be based on, wrote a letter to the White House calling on President Obama to direct the Department of Homeland Security to identify security vulnerabilities in critical infrastructure and create voluntary cybersecurity standards for companies operating this infrastructure to follow.
Even though [the Cybersecurity Act], in the interest of finding compromise, did not contain new authority for existing regulators to require the implementation of cybersecurity standards, I have long believed that such requirements are reasonable and warranted in light of the urgent and grave nature of the threat. I urge you to explore any means at your disposal that would encourage regulators to make mandatory the standards developed by [DHS] pursuant to your executive order so we can guarantee that our most critical infrastructure will be defended against attacks from our adversaries.
For Lofgren, she argued the standards in the cyber executive order should only apply to companies that operate critical infrastructure and not the Internet as a whole.
“Imposing cybersecurity standards on non-critical systems can divert attention away from actions that are central to the functioning of American society and public safety while posing a negative impact on free expression, privacy, business operating costs, and innovation in digital services,” Lofgren wrote in a letter to White House Cybersecurity Coordinator Michael Daniel.
She continued, “Cybersecurity standards for non-critical systems is better addressed through a transparent legislative process that affords technical experts and the public adequate opportunity for input.”