Thursday, 20 September 2012

Napolitano Says Cybersecurity Executive Order Almost Ready

Written by 

Department of Homeland Security Secretary Janet Napolitano revealed September 19 that an executive order granting the president sweeping power over the Internet is “close to completion.”

Testifying before the Senate Committee on Homeland Security and Governmental Affairs, Napolitano said that the order is still “being drafted” and vetted by various high-level bureaucrats. But she also indicated that it would be issued as soon as a “few issues” were resolved. Assuming control of the nation’s Internet infrastructure is a DHS responsibility, Napolitano added.

“DHS is the Federal government’s lead agency for securing civilian government computer systems and works with our industry and Federal, state, local, tribal, and territorial government partners to secure critical infrastructure and information systems,” she informed senators.

Precisely which clause in the Constitution grants to the president specifically or the executive branch (of which DHS is a part) generally authority to exercise any sort of oversight of such matters was not cited by Secretary Napolitano.

Naturally, a document written 225 years ago would not include a reference to cybersecurity, but the principles of enumerated powers and limited government apply to any program or project of the federal government. According to the contract that created the three branches of the federal government, none of those departments may do anything unless specifically granted that authority in the Constitution.

This is a principle of constitutional interpretation often overlooked. Those promoting a larger government with increasing influence on the lives of private citizens commonly defend government growth by insisting that “nothing in the Constitution forbids us from doing” whatever federal program they are advocating.

Such a theory is contrary to that held by the Founders. As James Madison explained in The Federalist, No. 45:

The powers delegated by the proposed Constitution to the federal government, are few and defined. Those which are to remain in the State governments are numerous and indefinite. The former will be exercised principally on external objects, as war, peace, negotiation, and foreign commerce; with which last the power of taxation will, for the most part, be connected. The powers reserved to the several States will extend to all the objects which, in the ordinary course of affairs, concern the lives, liberties, and properties of the people, and the internal order, improvement, and prosperity of the State.

As with so many of her ilk, Napolitano will not allow something as “irrelevant” as the Constitution to stand in the way of our Republic’s slouch into autocracy.

In that vein, the Obama Administration will not stop at seizing control of the Internet. Napolitano declared the president’s intent to enclose an immense territory within the fences of the federal fiefdom. With respect to critical infrastructure, DHS and the sector-specific agencies work together with the private sector to help secure the key systems upon which Americans rely, such as the financial sector, the power grid, water systems, and transportation networks.

The president began mulling a cybersecurity executive order after repeated congressional failure to pass a law accomplishing the same end. Once Barack Obama signs his name to this edict and assuming compliance with its mandates changes from voluntary to involuntary, he will possess powers only dreamed about by the most ambitious dictators of history.

“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed. Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that," White House Press Secretary Jay Carney said in an email reported by The Hill.

The demise of the bill in the Senate was not unforeseen. As The New American reported in July:

The Cybersecurity Act of 2012 has been the subject of some criticism as privacy advocates feared that the bill would pose too many threats to the constitutional rights of the American people.

Likewise, the U.S. Chamber of Commerce and IBM sent out letters to show their opposition for the original bill, asserting that it would overwhelm the industry with regulations.

In response to the criticism, Senator Lieberman reformed the original bill.

For example, the updated version of the bill reflects changes to the provision to assign the Department of Homeland Security the role of creating mandatory cybersecurity standards for infrastructure industries.

The newer version of the bill does not include language for “mandatory, regulatory sections,” but still requires a creation of industry best practice standards for the purposes of protecting critical infrastructure, but rather than making the adoption of those standards mandatory, the owners of the critical infrastructure adopt “voluntary” standards. The bill offers incentives to adopt those standards, such as liability protection, and access to threat information.

Some contend that the revisions are not ideal, however, as it gives the government the power to deny threat information to critical infrastructure owners who choose not to comply with the voluntary standards. Likewise, the incentives are too insignificant to fully incentivize any company to adopt the standards.

Since the beginning of his administration, President Obama has made cybersecurity a central plank in his presidential platform. As The New American reported in 2009:

The president pointed out that shortly after taking office he directed the National Security Council and Homeland Security Council to thoroughly review the federal government's efforts “to defend our information and communications infrastructure” and to recommend improvements. He mentioned that National Security Council Acting Senior Director for Cyberspace Melissa Hathaway led the review team, and that the 60-day review included input from industry, academia, civil liberty and privacy advocates, every level and branch of government, Congress, and other advisers — even input from “international partners.”

To that end, the White House proposed legislation in 2011 and has ordered one after the other administration official to testify at no fewer than 17 congressional hearings on the subject.

In a recent Wall Street Journal opinion piece penned by the president, he did his best to instill in the American people fear of the consequences we would suffer should someone launch a successful cyberattack on the critical infrastructure networks of our nation.

As the date of its issuance draws nearer, it is unlikely that any Democratic lawmakers will oppose this usurpation of their legislative powers.

Not every member of Congress is jealous of their exclusive constitutional legislative powers, however.

As reported by cnet.com: "In a letter (PDF) sent to the White House today, Delaware's Christopher Coons and Connecticut's Richard Blumenthal say it's time for an executive order "directing the promulgation of voluntary standards" by the Department of Homeland Security." The letter, addressed to President Obama, reads in part:

We urge you to direct Secretary Napolitano to convene an inter-agency group that will develop, in close collaboration with the private sector, voluntary standards for digital safeguards for our nation’s critical infrastructure. We believe that the government and the private sector must work together with great urgency to enhance the cybersecurity of privately held infrastructure and had hoped that the widely shared goal of addressing this important national security need would have succeeded in forging a consensus.

The standards and obligations created by this executive order will begin as voluntary. In the draft version of the order leaked to the Internet, DHS is not given the authority to punish those companies who fail to adopt the new guidelines.

There may be a remedy for this alleged oversight, however. While describing her department’s procedure for prosecuting cyber criminals, Secretary Napolitano perhaps presaged the resources she could employ to punish violators once the “voluntary” label is removed from the cybersecurity mandates.

“DHS leverages the skills and resources of the U.S. Secret Service (USSS) and ICE, who investigate cyber criminals and work with the Department of Justice, which prosecutes them,” Napolitano said.

Photo of DHS Secretary Janet Napolitano: AP Images