Legislation

Cyber order could help shape later law

U.S. Capitol Dome - Photo by the Architect of the Capitol

The expected cybersecurity executive order should serve as a template for action when Congress once again takes up cybersecurity legislation, according to Capitol Hill insiders speaking at 1105 Government Events’ Oct. 22 cybersecurity conference.

The order will be useful for guidance regardless of any potential post-election power shifts, they said.

(1105 Government Events is part of 1105 Media, the parent company of FCW.)

“There are a lot of moving pieces, but the ground has now been plowed. No matter who’s in leadership position, the awareness has been raised, people are on the record and we have leaders on both sides of the aisle [agreeing] something needs to be done. The rest is just details,” said Clete Johnson, counsel in the office of Sen. Jay Rockefeller (D-W.Va.) and lead staffer on the Senate Select Committee on Intelligence. “Whatever happens in November, I don’t think too much more time is going to pass before we do what we need to do, no matter who the leadership is."

There are limitations on what the executive order can encompass, though, which means that legislation still is critical to national security in cyberspace. An executive order cannot codify, meaning it relies on existing statutes that it cannot alter – a significant issue for information-sharing, which is crucial to cybersecurity action.

“The EO could [address] government-private sector information-sharing; the problem is the limits on what it can do for private-to-private and private-to-government,” particularly with regard to liability concerns, Johnson said. “It would require amending electronic privacy statutes, and an EO can’t do that. It’s a major problem since information-sharing is one of the two cornerstones.”

The other cornerstone is critical infrastructure, which has challenges of its own in an executive order.

“Critical infrastructure is mostly life-or-death-type systems…the difficulty with them is defining which are critical and then [addressing] the ‘ad hocracy’ or ad-hoc approach to them that our government and society bring to securing those systems,” Johnson noted.

“How do you promote best practices, leadership and accountability?” Johnson asked. “The most important thing is how do you allow private-sector market incentives and dynamics to drive a race to the top on cybersecurity, as opposed to [a government-led] top-down approach.”

Another problem is the range of policies and governance employed across the critical infrastructure sector. The patchwork nature of the regulations are presenting a hurdle for the White House, according to Trey Hodgkins, TechAmerica’s senior vice president, global public sector.

“One challenge the White House indicated they’re undertaking is going through the existing authorities for each sector,” said Hodgkins, who has met with stakeholders from the government and private sector regarding the executive order. “Since there aren’t uniformities across the sector, they are attempting to understand existing authorities and what they may or may not be able to do.”

Even after the executive order – if it does indeed become a reality – there will still be an uphill battle on the Hill, where partisan stalemates could threaten action once again.

“It’s very difficult to predict procedurally how [legislation will] go through. We hope something can happen swiftly but at same time…we have to first do no harm. We have to make sure we’re still doing what we think is the right way to move forward. We have to work quickly but smartly,” said Michael Seeds, legislative director for Rep. Mac Thornberry (R-Texas). “This lays the groundwork for the next Congress…we’re hopeful.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group