This past summer, the Cybersecurity Act of 2012 failed due to a Senate filibuster inspired by industry lobbying. The Obama Administration has publicly raised the possibility of an executive order that merely asks industry, including the power sector, to develop best practices in coordination with the federal government, for voluntary participation.
Unless you've been living under a rock, you've noticed news accounts of a possible executive order on cyber security that would ask the power sector to voluntarily undertake new cyber security efforts on the distribution system and participate in coordinated information sharing with the federal government.
Of course, in an election season, or in industry circles of whatever stripe, use of the term "federal government" is a not-so-secret code word implying incompetence, overreach, mistrust and, generally, a ticket to the monkey house.
On the other hand, in journalism circles, any mention of the terms "self-policing," "voluntary regulation" or "industry knows best" is laughable. Rigor in a challenging task is rarely achieved alone. Star athletes have coaches. Proof readers provide a second set of eyes. Two heads are better than one. Etc.
And so the friction between government and industry will always exist. The relationship becomes particularly thorny when national security and industry converge, as it does in the area of cyber security for critical infrastructure such as exists in the power sector.
That's a sketch of the tensions involved. Now let's look at recent events to set the stage for a variety of interviews that I hope will help illuminate the issue from many angles.
Briefly, Sen. Joe Lieberman, I-Conn., introduced the Cybersecurity Act in February and the measure fell to a Senate filibuster. According to Sen. Jay Rockefeller, D-W. Va., the measure failed due to lobbying by industry groups and the U.S. Chamber of Commerce. In late September, Department of Homeland Security Secretary Janet Napolitano informed the Senate Homeland Security and Governmental Affair Committee that an executive order might be issued but would be less effective than legislation. See more, recent coverage in the following stories:
"Executive order on cyber security builds steam amid criticisms ," by the L.A. Times.