Despite the warnings of generals, intelligence officers, corporate cyber security experts, and academic experts that America is dangerously vulnerable to attack in cyberspace, John McCain and the right wing Chamber of Commerce succeeded in blocking Senate action to improve our ability to defend America against cyber attack. They said they believed that the bill would create onerous federal regulation. Any objective observer would quickly see that there was no such regulation in the bill, but rather a set of industry created, voluntary standards. Even that was too much for the ideologues who believe that private sector companies are better off without any government assistance and can defend themselves from sophisticated cyber attack, despite the overwhelming evidence to the contrary. For a man who campaigned for president on the slogan "Nation First" it was a stunning display of placing partisan and ideological interests ahead of the national security interest.
To be clear, what is at stake here is America's economic competitiveness, something the naive might think a chamber of commerce would champion. Once upon a time, before it became the bastion of knee jerk right wing economic dogma, the chamber of commerce put things like global competitiveness and national security ahead of partisanship and ideological purity. Now, it and its well funded lobbying machine, have killed a bill that would have addressed the most significant current threat to America's ability to compete with China economically and to defend ourselves against potentially devastating cyber war in the future.
In case you have missed the constant drum beat of reporting, China is systematically stealing American corporate secrets, research and development, transactional data, and anything else that is on our corporate computer networks. The four star Army general in charge of Cyber Command has called this "the greatest transfer of wealth in history."
Not satisfied to steal our competitiveness data, China and other nations have placed cyber bombs on such things as our electric power grid control systems. The officers of the government charged with defending us against this sort of threat have made it very clear that they think they need new authorities to help them defend against this real and new kind of warfare. And they have been denied what they need by John McCain and the Chamber of Commerce.
The president went around earlier in the year saying "if congress won't act, I will." He needs now to apply that general concept to the specific problem of cyber security. By the powers invested in him by the Constitution, by the Homeland Security Act, and other laws, the president can by executive order achieve most of what was contemplated in the cyber security bill that has run aground in the monied morass of Capital Hill. He can provide for information sharing about cyber threats with private sector companies that run critical infrastructure. He can create voluntary standards for those industries. He can call upon the existing regulatory bodies to improve their oversight of cyber security. He can use federal procurement power to create incentives for companies to improve their cyber security. And he can direct federal agencies to safeguard key networks and control systems from foreign logic bombs.
Recently the president participated in a war game with members of his cabinet. In the exercise, he came face to face with the kind of devastation a national cyber attack on America could wreak. He would be derelict in his duty, if he allowed us to continue on without a national plan to defend against a major cyber attack. But the truth is today that America has neither a plan nor the capabilities needed to prevent the on going cyber espionage against our companies and an even more damaging potential cyber war attack against our privately owned critical infrastructure.
The president could let the Congressional farce continue on the issue of cyber security, with resulting inaction. He might score some partisan points that way, pointing out the craven hypocrisy of those who stand in the way of addressing this serious issue. That course, however, would be inconsistent with his Constitutional duty to protect the nation from significant threats. He should issue an Executive Order to improve our cyber defenses now.