To coincide with his State of the Union Address, President Obama issued an executive order designed to strengthen the cybersecurity of "critical infrastructure" Tuesday, which some experts say could get the ball rolling for a renewed legislative push in Congress.
Cybersecurity was a big issue last year, with bills such as the Cyber Intelligence Sharing and Protection Act being condemned by privacy experts, who alleged the proposed legislation shared too much private information with government.
The executive order signed Tuesday contains some provisions of CISPA, including the ability for government agencies to share classified "threat and attack" information with companies that control power grids, water supplies, and other important national interests. But only new legislation would allow or require companies to share cyber threat information with the federal government, which was a hangup for civil liberties organizations fighting against CISPA.
In his prepared remarks, Obama said foreign threats are attempting to shut down critical American infrastructure.
"We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems," he said. "Earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy."
The order has been in the drafting stages since at least September, when documents shared with U.S. News showed that the administration was considering issuing the order. Jim Halpert, a privacy lawyer with DLA Piper, says the fact that Obama decided to issue the order to coincide with his State of the Union address suggests he may put pressure on Congress to do something more substantial this year.
"I think it helps to get all the players together and shows there's going to be a big emphasis on this with this term," he says. "This could be a spur to action."
The executive order contains specific "privacy and civil liberties protections" that are designed to placate some of CISPA's critics.
Mary Ellen Callahan, former chief privacy officer at the Department of Homeland Security, says it's an "important first step in shoring up our cybersecurity ecosystem" and that the "outreach to the privacy community was extensive" in the order.
Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, which staunchly opposed CISPA, says he "gives credit to the White House for expressly adding some privacy language to earlier drafts of the executive order."
The order calls for annual privacy reviews to "assess the privacy and civil liberties risks of the functions and programs undertaken by [the Department of Homeland Security]" in a publicly available report, set to be released sometime in the next year.
Tien says the administration is "clearly trying very hard" to assuage the concerns of the privacy community, but by definition, an executive order cannot be as far-reaching as CISPA would have been. But the fact that the government will soon be sharing classified information with private companies could set a bad precedent should Congress decide to act, he says.
"If companies get used to this flow of useful data, we don't know what kind of quid pro quos or bargains might be struck; what kind of actions or reciprocity might be involved," he says. "But for now, there's a fundamental constraint on what the President can do—he doesn't make the law."