CYBEREYE

Future of cybersecurity lost in legislative limbo

As administration moves forward, legislation is put on back burner

At last count, there were more than 40 bills, resolutions and amendments dealing with cybersecurity pending in the House and Senate. They offer funding for cybersecurity research and development, deplore developments in China, establish new consumer protections, update government regulations, and create new executive oversight authority.

But none of these seems to be heading for passage anytime soon. And by this date in an election year, soon is the only time left. With the campaign season already under way and summer recesses coming up, the 111th Congress soon will be history, and everything will then need to start over.

During an administration that has declared cybersecurity a major national security issue and at a time when the term "cyber war" is cropping up in headlines and on talk shows, when the Internet is becoming synonymous with identity theft and phishing is being spelled with a “ph” as often as an “f,” why is this so?


Related stories

FISMA gets the tools to do the job

New cybersecurity coordinator says he has the president’s ear


Despite the rising profile of cybersecurity, it apparently still is not a sexy issue politically. Senators and representatives tread delicately through the minefields of health care, financial regulation and immigration because anything they say can and will be used against them in the coming election, and neutrality is not an option. But being on the wrong — or right — side of cyber defense is not likely to lose anyone many votes, so it is not a high priority.

Perhaps the more important question is: Does this matter?

Probably not. There are some important cybersecurity issues that should be addressed, and the most critical of them are being addressed through regulatory rather than legislative channels.

For instance, the Federal Information Security Management Act is in need of an update. But while Congress proposes, the White House disposes, with new standards for FISMA reporting that require agencies to shift from paper-based annual reports to real-time data feeds of system status. The new standards, issued through the Office of Management and Budget in April, are part of a much-needed move away from paper-based compliance to real-time visibility and automated security systems.

And the Executive Cyberspace Authorities Act of 2010 (H.R. 5247) introduced in May by Rep. James Langevin (D-R.I.), would establish a White House National Cyberspace Office for coordinating national cybersecurity policy. The director would have a seat on the National Security Council and would coordinate defense of government networks in case of an attack.

But President Barack Obama appointed a White House cybersecurity coordinator this year. Although he does not have the budget authority the NCO director would have, OMB does have this authority under FISMA. Langevin’s proposal might well have merit, but even though it took the president nearly a year to name a cybersecurity coordinator, the administrative track is proving more flexible and speedy than the legislative one.

There are some issues that could benefit from Congress’ attention, such as a national standard for data breach notification and protection of sensitive personal information. That is covered by a patchwork of state laws. But even in that case, holders of personal information can avoid confusion simply by adopting the highest standards practical and doing their best to avoid breaches.

Mark Twain said “no man's life, liberty or property are safe while the legislature is in session.” I wouldn’t go that far. But there are good avenues for regulating cybersecurity without new legislation.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.