114th Congress to See Changes in Cybersecurity Leadership

Multiple House and Senate committees responsible for cybersecurity legislation and oversight will have new leadership in the 114th Congress, but industry lawyers and lobbyists told us that's unlikely to result in substantial changes in how the committees handle cybersecurity legislation. Most cybersecurity legislation has been stalled during the 113th Congress and there are limited prospects for bills like the Cybersecurity Information Sharing Act (CISA) to pass during the lame-duck session (see 1411070037). Those limited prospects are in part a reflection of a desire to “start fresh” on cybersecurity once the 114th Congress convenes, said Jessica Herrera-Flanigan, a lobbyist at the Monument Policy Group whose Q3 clients included LinkedIn and Microsoft.

Most of the high-profile committee leadership changes will be in the Senate, where the Republicans retook the majority during the midterm elections earlier this month, but there has also been a shift on the House Intelligence Committee. Rep. Devin Nunes, R-Calif., will take over as chairman of House Intelligence from retiring Rep. Mike Rogers, R-Mich. Nunes was a co-sponsor of the House-passed Cyber Intelligence Sharing and Protection Act, HR-624, which CISA (S-2588) mostly mirrors. Nunes’ elevation to House Intelligence’s chairmanship likely means the committee will bring up legislation roughly similar to CISPA in the 114th Congress, an industry lobbyist said. Other cyber committees’ chairmen are to retain their leadership roles, most prominent among them being House Homeland Security Committee Chairman Michael McCaul, R-Texas, Herrera-Flanigan said. McCaul sponsored the House-passed National Cybersecurity and Critical Infrastructure Protection Act (HR-3696), which is awaiting further action in the Senate.

Sen. Ron Johnson, R-Wis., will become chairman of the Senate Homeland Security Committee, while current Chairman Tom Carper, D-Del. will become the committee’s ranking member. Current ranking member Tom Coburn, R-Okla., didn’t seek re-election this year. Johnson “has been engaged on cybersecurity in recent months,” meaning he’s likely to keep the issue visible in the committee when he takes over, while Carper will continue to also play a role, Herrera-Flanigan said.

Sen. Richard Burr, R-N.C., will become chairman of the Senate Intelligence Committee, with current Chairwoman Dianne Feinstein, D-Calif., becoming the committee’s vice chairwoman. Current committee vice chairman Saxby Chambliss, R-Ga., didn’t seek re-election this year. Burr’s takeover of Senate Intelligence is likely to mean any cyber legislation coming out of the committee will be even more closely aligned to what House Intelligence produces, as Burr has generally opposed increasing transparency on cybersecurity issues, an industry lobbyist said. Feinstein had included more privacy protections in CISA than were in CISPA, though privacy advocates have continually said CISA remains inadequate on that front.

Senate Commerce Committee ranking member John Thune, R-S.D., will continue to play a leading role on cybersecurity issues when he takes over chairmanship of that committee, Herrera-Flanigan said. Senate Judiciary Committee ranking member Chuck Grassley, R-Iowa, is likely to push cybercrime issues as part of his agenda when he takes over that committee’s chairmanship, Herrera-Flanigan said. Senate Judiciary Chairman Patrick Leahy, D-Vt., is to become that committee’s ranking member, while Sen. Bill Nelson, D-Fla., will become ranking member on Senate Commerce. Current Chairman Jay Rockefeller, D-W.Va., also didn’t seek re-election. Nelson has experience on cybersecurity issues that will help “take up cybersecurity issues” for Senate Commerce Democrats, but Sens. Richard Blumenthal, D-Conn., Amy Klobuchar, D-Minn., and Claire McCaskill, D-Mo., are likely to be active on data breach issues, Herrera-Flanigan said.

Cyber leadership in Congress may “also come from other surprising sources,” including Sen. Kirsten Gillibrand, D-N.Y., said former FCC Public Safety Bureau Chief Jamie Barnett, a telecom and cybersecurity lawyer at Venable. Gillibrand “has charted out a niche for herself on cybersecurity incentives,” including pushing for cyber-related tax incentives and seeking limitations of liability for companies that adopt cybersecurity best practices, Barnett said. “Here’s a Democrat who’s proposing things that should appeal to Republicans,” he said. “It’s certainly business friendly and I think it’s something that will move cybersecurity ahead. It makes sense to put tax incentive dollars toward cybersecurity.”