Administration warns cybersecurity order not enough, urges Congress to act

Administration officials said that despite a new cybersecurity executive order, Congress must still enact legislation to better protect the nation's critical computer systems from hackers.

"This executive order is only a downpayment on what we need to address this threat," National Security Agency Director Keith Alexander said during an event at the Commerce Department to discuss the administration's action. "This executive order can only move us so far and is not a substitute for legislation." He emphasized that, unlike legislation, the order cannot grant agencies any new powers or authorities. White House Cybersecurity Coordinator Michael Daniel explained that the administration must still work with lawmakers and industry groups to craft and implement the security standards. "The hard work is actually ahead of us in implementing the [executive order] and making it reality," he said. Dr. Patrick Gallagher, director of the National Institute of Standards and Technology, said his agency will take the first step toward implementing the order by issuing a request for input from the public. He emphasized that the standards are voluntary and are aimed at helping companies better protect their systems. Deputy Attorney General James Cole argued that the executive order includes important safeguards to ensure that companies do not expose their customers' personal information to the government.