Future of cybersecurity lost in legislative limbo

As administration moves forward, legislation is put on back burner

At last count, there were more than 40 bills, resolutions and amendments dealing with cybersecurity pending in the House and Senate. They offer funding for cybersecurity research and development, deplore developments in China, establish new consumer protections, update government regulations, and create new executive oversight authority.

But none of these seems to be heading for passage anytime soon. And by this date in an election year, soon is the only time left. With the campaign season already under way and summer recesses coming up, the 111th Congress soon will be history, and everything will then need to start over.

During an administration that has declared cybersecurity a major national security issue and at a time when the term "cyber war" is cropping up in headlines and on talk shows, when the Internet is becoming synonymous with identity theft and phishing is being spelled with a “ph” as often as an “f,” why is this so?

Related stories

FISMA gets the tools to do the job

New cybersecurity coordinator says he has the president’s ear

Despite the rising profile of cybersecurity, it apparently still is not a sexy issue politically. Senators and representatives tread delicately through the minefields of health care, financial regulation and immigration because anything they say can and will be used against them in the coming election, and neutrality is not an option. But being on the wrong — or right — side of cyber defense is not likely to lose anyone many votes, so it is not a high priority.

Perhaps the more important question is: Does this matter?

Probably not. There are some important cybersecurity issues that should be addressed, and the most critical of them are being addressed through regulatory rather than legislative channels.

For instance, the Federal Information Security Management Act is in need of an update. But while Congress proposes, the White House disposes, with new standards for FISMA reporting that require agencies to shift from paper-based annual reports to real-time data feeds of system status. The new standards, issued through the Office of Management and Budget in April, are part of a much-needed move away from paper-based compliance to real-time visibility and automated security systems.

And the Executive Cyberspace Authorities Act of 2010 (H.R. 5247) introduced in May by Rep. James Langevin (D-R.I.), would establish a White House National Cyberspace Office for coordinating national cybersecurity policy. The director would have a seat on the National Security Council and would coordinate defense of government networks in case of an attack.

But President Barack Obama appointed a White House cybersecurity coordinator this year. Although he does not have the budget authority the NCO director would have, OMB does have this authority under FISMA. Langevin’s proposal might well have merit, but even though it took the president nearly a year to name a cybersecurity coordinator, the administrative track is proving more flexible and speedy than the legislative one.

There are some issues that could benefit from Congress’ attention, such as a national standard for data breach notification and protection of sensitive personal information. That is covered by a patchwork of state laws. But even in that case, holders of personal information can avoid confusion simply by adopting the highest standards practical and doing their best to avoid breaches.

Mark Twain said “no man's life, liberty or property are safe while the legislature is in session.” I wouldn’t go that far. But there are good avenues for regulating cybersecurity without new legislation.

About the Author

William Jackson is a Maryland-based freelance writer.


    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.