The reaction to the impending order has been mixed. Most Republicans oppose it, saying the president should not be bypassing Congress. Even Sen. Susan Collins (R-Maine), a co-sponsor of the CSA, said she did not think an executive order was appropriate.
However, Democratic Sens. Christopher Coons, of Delaware, and Richard Blumenthal, of Connecticut, sent a letter late last week to the White House calling on the president to issue an executive order "directing the promulgation of voluntary standards [by DHS.]"
It doesn't appear to be at the top of the agenda of either Obama or his Republican challenger, Mitt Romney, however. At Monday night's debate on foreign policy, the president said the word "cybersecurity" only once, in passing, and Romney mentioned "hacking" just once.
That was fine with Jason Healey, of the Atlantic Council, and a former White House security official. "First, cyber is not as pressing an international issue as most of the crises pressing on the president's time. No one has yet died from a cyberattack," he said. "Second, Romney did speak directly about pressuring China on intellectual property theft, which is the main cyber problem today."
The reaction from Healey and other security experts to the order itself is also mixed. Some argue that cybersecurity risks, while real, are not at the level of other threats to the nation. Bruce Schneier, on his blog Schneier on Security, criticized Defense Secretary Leon Panetta's recent speech warning of a "Cyber Pearl Harbor."
"It's difficult to have any serious policy discussion amongst the fear mongering," he wrote, adding that while there are real risks, addressing them does not require "heavy-handed regulation."
Good Harbor Consulting's Jacob Olcott agrees. "Targeted information sharing with a small number of companies has proven to be a useful exercise," he said. "But these efforts are very difficult to scale. It's a worthy initiative, but it's also hard to imagine that this will be a success in the short term."
"Heavy-handed regulation is absolutely unnecessary,"Ã'Â he said.Ã'Â "In fact, the government would significantly improve private sector cybersecurity simply by enforcing existing securities laws that require companies to disclose material cyber risks and events to their shareholders."
Healey doesn't oppose an executive order. "This is all about such small items on the margins that getting too worried either way isn't really worth the trouble," he said.
"To fix cyber issues we need to make it so that it is easier to defend than to attack, globally," Healey said. "Sending a few tear line reports isn't going to solve that, but it's a start. Then again, if all we needed to make this happen was the say-so of the President, I wish we'd have done it 10 years ago."
But he is not entirely opposed to fear mongering. "If you're trying to convince people that they are insufficiently worried. I think Panetta can be right," Healey said. "But I still think that heavy-handed regulation isn't the right solution."
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.