The largely Democratic-backed bill in the Senate that was killed Tuesday failed to win enough support from Republicans in a 51-47 vote. Meanwhile, on Wednesday, The Washington Post broke the news of “Presidential Policy Directive 20,” saying the commander-in-chief signed the measure about a month ago.
According to U.S. officials quoted in the Post article, the directive includes a “broad and strict set of standards” that give guidance to federal agencies on thwarting cyber threats, including defining offensive versus defensive actions taken by the government in cyber security matters.
“The policy also lays out a process to vet any operations outside government and defense networks, and ensure that U.S. citizens' and foreign allies' data and privacy are protected and international laws of war are followed."
The directive doesn't come as an entirely surprising move for the Obama administration, as it updates a 2004 presidential directive on national security.
Failure of the latest cyber security bill follows proposed legislation that was killed in August. Senators have continued to revise the Cybersecurity Act of 2012 in hopes of gaining bipartisan support and implementation.
A version of the bill introduced in February received criticism for the potential cost burden it could place on businesses, particularly small companies, which would be forced to follow additional regulations that may not necessarily improve security. There were also concerns about the government having too much access to private companies' data throughout private and public sector collaboration to thwart cyber threats.
The proposal also has raised civil rights concerns.