Hill Cybersecurity Leaders Hoping to Avoid Impasse in 2013
The new leaders of the House and Senate committees with cybersecurity authority are already developing a plan to bolster laws and guidelines they hope will protect networks from attack. In separate interviews, incoming House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Sen. Tom Carper, D-Del., incoming chairman of the Senate Homeland Security and Governmental Affairs Committee, said it’s crucial to form relationships now that will help them break the cybersecurity impasse of the current Congress. Meanwhile, the White House said it continues to meet with the private sector to help craft a cybersecurity executive order aimed at securing the nation’s computer and communications networks.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
McCaul said next year he plans to embark on an extensive outreach campaign with critical infrastructure stakeholders from across the country. “I want to get input from the private sector on how best to address this issue,” he said. “What I plan to do is have listening posts, both with the committee in Washington for those who we invite to come into town, and plan to go with the subcommittee chairs to various places around the country to visit the critical infrastructure and talk to them about how best to approach this problem. Then after we do that and we draft the bill right, you are going to get a buy-in from the stakeholders and you're going to get support and you're going to get a bill passed.”
Though the House ultimately passed four cybersecurity bills this year during its spring “cyberweek,” House Homeland Security failed to advance its legislation, HR-3624, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act. The bill attempted to impose minimum cybersecurity requirements on the owners and operators of critical infrastructure sectors like banking and finance, communications and IT, the defense industrial base, water, chemical, healthcare and the energy, electricity, oil and natural gas subsectors. That attempt failed, said McCaul, because there wasn’t enough support from the private sector: “It is extremely important to get a buy-in from the stakeholders ... it is a relationship that needs to be incentivized and cultivated and not a forced relationship.”
Another crucial element for crafting a successful cybersecurity bill is to elicit support from both chambers of Congress, McCaul said. The lack of negotiations and discussion between House and Senate cybersecurity leaders in the current Congress was “a mistake,” he said. “It would be important for me to reach out in a bicameral way. We can pass things in the House all day but if the Senate is not going to entertain it, it doesn’t mean anything.”
McCaul met this month with Carper to broker a relationship that they hope will lay the foundation for cybersecurity discussions in the next Congress, Carper told us during an interview at the Capitol. Carper said it was a “good meeting. It was just a chance to begin to know each other.” Carper, who will replace retiring Chairman Joe Lieberman, I-Conn., said he also met this month with all his colleagues on the committee to develop the “interpersonal relationships that makes what follows go a lot easier.”
This year, Senate Majority Leader Harry Reid, D-Nev., did not schedule a vote on any of the House-passed cybersecurity bills. Instead he sought, and ultimately failed, to reach a vote on S-3414, the Cybersecurity Act, which aimed to encourage voluntary, baseline cybersecurity guidelines for the owners and operators of the nation’s critical infrastructure sectors. McCaul said that bill was a “non-starter” for many House members because stakeholders said the legislation would impose a “regulatory regime” on critical infrastructure sectors.
McCaul said he also hopes to garner support from the privacy community, which has largely been skeptical of the House-passed cyberthreat information sharing bill known as the Cyber Intelligence Sharing and Protection Act (HR-3523). “One of the hurdles of that legislation was to convince [stakeholders] that there were privacy protections in that bill,” he said. Privacy advocates like the Center for Democracy and Technology, Demand Progress, TechFreedom and the Electronic Frontier Foundation objected to the way the bill would grant legal immunity to ISPs who share private Web communications with the federal government and the National Security Agency (CD April 12 p8). McCaul said it was still too early to comment on specific legislative items, but said he would consider adding privacy language to his committee’s cybersecurity bill in the next Congress.
President Barack Obama continues to pursue a cybersecurity executive order to establish federal policies under current law, a White House spokeswoman said Wednesday. While the administration believes an executive order is not a substitute for new legislation, “the risk is too great for the administration not to act,” she said. The administration coordinated more than 30 meetings with private sector stakeholders in the past few months and met directly with more than 200 companies and trade organizations to develop a collaborative solution, she said. The spokeswoman would not say when the executive order will be implemented.
A group of nearly 50 House Republicans urged the president in a letter made public last week (http://xrl.us/bn73fm) not to preempt Congress by “pushing a top-down regulatory framework” and instead work with lawmakers to improve national security. “Now is not the time to put heavy-handed regulations on industries that need incentives to improve their cyberdefenses and share cyberthreat information,” it said. “We believe stakeholders in the cyber ecosystem should be encouraged to develop and deploy innovative security solutions in a cooperative fashion.” The letter was authored by Reps. Marsha Blackburn, R-Tenn., and Steve Scalise, R-La., and signed by 44 other House Republicans including incoming Judiciary Committee Chairman Bob Goodlatte of Virginia.