Trade Law Daily is a service of Warren Communications News.
Can’t Afford ‘Cyber 9/11’

Congress Divided on Cybersecurity Approach

The Senate lacks a consensus on a cybersecurity framework, causing some to question whether momentum for the Collins-Lieberman bill will wane. “We cannot afford to wait for a ‘cyber 9/11’ before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities, and mitigating the consequences of penetrations to our networks,” said Homeland Security Ranking Member Susan Collins, R-Maine, through a committee spokesman. Meanwhile, there is a great deal of consensus among the private sector on its recommendations for a cybersecurity framework.

Collins is a co-sponsor of the Protecting Cyberspace as a National Asset Act along with committee Chairman Joe Lieberman, I-Conn., and Sen. Tom Carper, D-Del. The bill gained attention early this year for its so-called “kill switch” provision, which explicitly forbids the president or “any other officer or employee of the federal government” from shutting down the Internet (WID Feb 22 p9). Despite the immediate buzz that followed the bill’s reintroduction, other bills are vying to lead the cybersecurity debate, causing Internet Security Alliance CEO Larry Clinton and others to wonder if the bill can retain its momentum.

“I don’t see momentum for [the Lieberman-Collins] approach,” said Clinton. “It was my understanding that that wasn’t the bill that was going to move anyways.” Clinton said the most likely vehicle for a cybersecurity bill would be a combined legislative effort that incorporates elements from the Lieberman-Collins bill and the bill proposed by Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Sen. Olympia Snowe, R-Maine. That combined bill would then integrate recommendations from the departments of Defense and Homeland Security, among other agencies, Clinton said.

The Lieberman-Collins cyber bill is “not on the back burner at all,” said a spokesman for the Senate Homeland Security Committee. While congressional leaders have not yet reached a consensus, the spokesman said that the bill could go to a vote this summer or early in the fall. “Keep in mind that the legislative process is not a speedy one and this is a big bill,” he said. The spokesman confirmed that congressional leaders are still waiting for the Obama administration to provide some of its recommendations on the bill. Calls placed to Lieberman’s office weren’t immediately returned.

There has been no lack of interest from Congress on the topic of cybersecurity. On Wednesday evening, Sens. Sheldon Whitehouse, D-R.I., and Judiciary Subcommittee on Crime and Terrorism Ranking Member Jon Kyl, R-Ariz., presented a cybersecurity awareness bill that aims to raise the public consciousness of cyberthreats against the U.S. The legislation would initiate a continuous information sharing system between the government and the private sector, to secure the nation’s “networks, identities, infrastructure, and innovation economy,” Whitehouse said.

The bill requires the departments of Homeland Security and Defense to submit reports to Congress that detail cyberincidents on the .gov and .mil domains. The reports would provide aggregate statistics on breaches, the volume of data exfiltrated, and the estimated cost of remedying these breaches, as well as the continuing risk of cybersabotage after an incident, Whitehouse said. The bill requires the Department of Justice and the FBI to submit annual reports on their investigations and prosecutions of cybercrimes.

“No one expects this to be quick, and you have more bills floating around that need to be reconciled,” said Jim Lewis, director of technology and public policy at the Center for Strategic and International Studies. “This will be a long-term struggle and taking a little time is probably a good thing.” The one common thread is that people realize the market alone won’t deliver security, said Lewis. In an ideal world, he said that cybersecurity legislation would address ways to better protect critical infrastructure, increase cybersecurity training for the federal workforce, clarify the cyber authority of the DOD and DHS, create a U.S. Trade Representative-like office at the White House and boost transparency and information sharing efforts. “These are some tough issues, but people know what a good bill would look like,” Lewis said.

USTelecom, NCTA and CTIA echoed these recommendations in a joint letter they sent this week to Howard Schmidt, the administration’s cybersecurity coordinator. The letter outlined a legislative framework that focuses on three key priorities: Improving the government’s cybersecurity posture, forming strong partnerships with industry members on national security issues and improving consumers’ abilities to thwart online threats. The government needs to restructure its cybersecurity effort, push for greater scrutiny of federal vendors, better train the federal cybersecurity workforce and increase federal research and development, the letter said. Increased collaboration with the private sector is equally essential and the government should assign a single, coordinated federal entity to engage with the private sector on cybersecurity issues, the groups said. The government should increase industry incentives, facilitate more information sharing and adopt a collaborative model similar to the National Infrastructure Protection Plan, they said. The groups also said the government should consider funding cybersecurity education for consumers and students in particular, to encourage a better understanding of cybersecurity issues.