Can the next Congress get up to speed on cyber legislation?
Newly elected members of Congress will need a crash course on cybersecurity issues, experts say.
Budget discussions could keep Congress in session until Christmas or beyond, but cyber legislation will almost certainly not come up again this session. Cyber threats themselves, however, continue to evolve - and so does the debate over how to deal with it them.
As the conversation continues within other circles of the community, the 80 new incoming lawmakers, along with those already in place, will eventually start anew in the 113th Congress. The gridlock that doomed cybersecurity legislation this year will by no means automatically evaporate, but new members means new opinions - and 80 individuals in need of a crash course on the issues. Education will be critical for even the highest-ranking members, according to industry insiders.
"We're going to get 80 new members in January. It's complicated even for people who have been following the conversation within the Beltway, and it's been happening at least since April," Matthew Rhoades, director of legislative affairs at the Truman Project and Truman Institute. "If you think about it, these members have to be experts in health care, the financial system, Libya and cybersecurity all in one day - how much are they going to retain from April to December? So the education needs to continue."
Rhoades, speaking at a Center for National Policy forum on Nov. 29 in Washington, noted that cybersecurity still is not a mainstream topic.
"So far, this conversation is under the radar. We didn't hear anything about this in the presidential election, it's not leading the local news or on CNN. It's really left to inside the Beltway, and that's confined the debate to three key constituencies," he said: the national security community, the business community and privacy groups.
That limited conversation has contributed to the legislative impasse, he argued.
"The problem is, those are really the only three groups having the primary conversation, and they're misaligned," Rhoades said. "It's below the public radar. And until that dynamic changes, I think we're going to be where we are now - which is stuck. There are opportunities to change the political dynamic, but until we do that, I don't foresee anything productive happening, especially on Capitol Hill."
Other members on the panel highlighted both the urgency and the complexity surrounding cybersecurity, warning that both of those factors mean it is a national security threat that, while still in the early stages, has serious damage potential.
"In addition to the complexity...how do you define something that underlies so much? You're talking about technology. You have cyber crime, you have data breach, you have intellectual property theft, you have critical infrastructure protection and information-sharing," said Jessica Herrera-Flanigan, CNP cybersecurity fellow. "Every single one of those groups is handled by different people on the Hill.... How do you get all those people in a room and not have conflict? It's a problem the administration has faced over the years as they've tried to figure out where cyber belongs within the government."
Could the new faces bring a fresh methodology to the table? It is possible, but even beyond the internal struggles, the cyber threat continues to progress. That too will require a different kind of approach than what has been taken so far, the panelists indicated.
"We certainly know we're seeing scary shifts of transnational organized crime moving into cyber and more cyber mercenaries -- the guys who are really good at one aspect, like breaking into a system or social engineering. They're guns for hire, and it may be different from previous kinds of crime," said Matthew Fleming, Georgetown University professor and fellow at the Homeland Security Studies and Analysis Institute. "We need to remove the stigma from the word 'regulation.'"