Academic journal article Harvard Journal of Law & Public Policy

Building on Executive Order 13,636 to Encourage Information Sharing for Cybersecurity Purposes

Academic journal article Harvard Journal of Law & Public Policy

Building on Executive Order 13,636 to Encourage Information Sharing for Cybersecurity Purposes

Article excerpt

Over the past several decades, cybersecurity has emerged as an issue of increasing national concern. (1) Both government and private entities rely heavily on computer networks for functions related to defense, routine economic activity, and operation of critical infrastructure such as the electrical grid and the water supply. (2) At the same time, attacks on and exploitations of both commercial and government networks are increasing in number and sophistication. (3) Growing awareness of the threat and of U.S. vulnerability led a recent Secretary of Defense to conclude that the "collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life." (4) Perhaps the highest profile recognition of the issue to date is President Obama's warning in last year's State of the Union Address that cyber adversaries pose "real threats to our security and our economy." (5) The President coupled his warning with an announcement of increased executive action to combat these threats and a call for legislation to "give our Government a greater capacity to secure our networks and deter attacks." (6) Though recent disclosures regarding unrelated security programs may have lessened the political appetite for cybersecurity legislation, the threat has not abated. (7) This Note explores the call for legislation in light of Executive Order 13,636, "Improving Critical Infrastructure Cybersecurity." (8)

Part I briefly sets Executive Order 13,636 in the context of the federal government's expanding cybersecurity efforts. Part II turns to the Order itself, focusing on the Enhanced Cybersecurity Services (ECS) information-sharing program, its statutory authority, and its potential for further expansion. Significantly, unlike some programs that have recently been the cause of public concern, (9) ECS does not involve bulk collection of communications or associated metadata by the government. Parts III and IV examine whether the Fourth Amendment, the Wiretap Act, or the Pen Register and Trap and Trace Devices statute impose any constitutional or statutory restrictions on further expansion of ECS. Part V briefly considers two potential legislative approaches that would encourage additional sharing. Part VI concludes that Congress should act to encourage voluntary sharing.

I. THE FEDERAL GOVERNMENT'S EXPANDING CYBERSECURITY PRESENCE

Policymakers for years have recognized the threat to both federal and private networks from malicious cyber actors. (10) Because these networks are interdependent they cannot be effectively defended in isolation. As one defense official put it, "[s]ecure military networks will matter little if the power grid goes down...." (11) Nevertheless, the federal government's earliest efforts to address cybersecurity focused on protecting national security systems. (12) Over the years Congress expanded that focus by providing various authorities intended to protect military networks, (13) federal networks generally, (14) and to some extent, private commercial networks. (15) Unfortunately, the degree to which these and other authorities are scattered about the executive branch creates difficulty in bringing them to bear on the cyber threat in a comprehensive manner. (16) The Bush Administration began to address this problem with the Comprehensive National Cybersecurity Initiative, which combined various cyber functions with traditional law enforcement, intelligence, counterintelligence, and military capabilities, in order to better protect federal networks. (17) Security experts urged the incoming Obama Administration to continue and expand these efforts, emphasizing the importance of private networks in the overall cybersecurity picture. (18) President Obama responded by declaring the nation's "digital infrastructure," including private commercial networks, to be "a strategic national asset." (19) In the four years following that announcement, Congress introduced numerous bills addressing cybersecurity, all of which failed to pass. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.