A new draft of President Obama's widely criticized executive order on cybersecurity might appease both hardliners who want the government to be able to freely access networks under hacker attack and privacy advocates who say there's no excuse to allow government agencies to see their private information.
The executive order is based on Obama's preferred cybersecurity bill, the Cybersecurity Act of 2012 (CSA) -- which failed in the Senate in August -- has been targeted for many reasons, particularly by Republicans in Congress who find it weak. Some worry that Obama would issue a unilateral order on an issue Congress can't agree on; others argue that it would force companies to adopt better cybersecurity, an undue financial strain. The most oft-repeated argument is that the U.S. can only be truly safe if its networks can freely share information with government agencies like the Department of Homeland Security and NSA. In other words, they're only happy with an order that's essentially the same as the Cyber Intelligence Security Protection Act (CISPA), which passed the House in April.
Privacy advocates, on the other hand, are fearful of the executive order for the exact opposite reason -- that it would resemble CISPA. They don't want Department of Homeland Security (or the NSA or the FBI) to have extended powers to snoop through networks, so much so that many celebrated the defeat of the Cybersecurity Act, even with CISPA looming.
However, a new draft of the executive order, obtained by the Associated Press and released Saturday, indicates that Obama is now willing to make the exact concession that Sen. Ron Wyden has called for: using CISPA-like provisions for networks related to critical infrastructure, like power grids and railroads, and leaving private networks, like Google and all social media, alone.
The draft puts the Department of Homeland Security in charge of identifying which systems could, if hit by cyberattack, "reasonably result in a debilitating impact on the country.