Legislation

Cyber order could help shape later law

U.S. Capitol Dome - Photo by the Architect of the Capitol

The expected cybersecurity executive order should serve as a template for action when Congress once again takes up cybersecurity legislation, according to Capitol Hill insiders speaking at 1105 Government Events’ Oct. 22 cybersecurity conference.

The order will be useful for guidance regardless of any potential post-election power shifts, they said.

(1105 Government Events is part of 1105 Media, the parent company of FCW.)

“There are a lot of moving pieces, but the ground has now been plowed. No matter who’s in leadership position, the awareness has been raised, people are on the record and we have leaders on both sides of the aisle [agreeing] something needs to be done. The rest is just details,” said Clete Johnson, counsel in the office of Sen. Jay Rockefeller (D-W.Va.) and lead staffer on the Senate Select Committee on Intelligence. “Whatever happens in November, I don’t think too much more time is going to pass before we do what we need to do, no matter who the leadership is."

There are limitations on what the executive order can encompass, though, which means that legislation still is critical to national security in cyberspace. An executive order cannot codify, meaning it relies on existing statutes that it cannot alter – a significant issue for information-sharing, which is crucial to cybersecurity action.

“The EO could [address] government-private sector information-sharing; the problem is the limits on what it can do for private-to-private and private-to-government,” particularly with regard to liability concerns, Johnson said. “It would require amending electronic privacy statutes, and an EO can’t do that. It’s a major problem since information-sharing is one of the two cornerstones.”

The other cornerstone is critical infrastructure, which has challenges of its own in an executive order.

“Critical infrastructure is mostly life-or-death-type systems…the difficulty with them is defining which are critical and then [addressing] the ‘ad hocracy’ or ad-hoc approach to them that our government and society bring to securing those systems,” Johnson noted.

“How do you promote best practices, leadership and accountability?” Johnson asked. “The most important thing is how do you allow private-sector market incentives and dynamics to drive a race to the top on cybersecurity, as opposed to [a government-led] top-down approach.”

Another problem is the range of policies and governance employed across the critical infrastructure sector. The patchwork nature of the regulations are presenting a hurdle for the White House, according to Trey Hodgkins, TechAmerica’s senior vice president, global public sector.

“One challenge the White House indicated they’re undertaking is going through the existing authorities for each sector,” said Hodgkins, who has met with stakeholders from the government and private sector regarding the executive order. “Since there aren’t uniformities across the sector, they are attempting to understand existing authorities and what they may or may not be able to do.”

Even after the executive order – if it does indeed become a reality – there will still be an uphill battle on the Hill, where partisan stalemates could threaten action once again.

“It’s very difficult to predict procedurally how [legislation will] go through. We hope something can happen swiftly but at same time…we have to first do no harm. We have to make sure we’re still doing what we think is the right way to move forward. We have to work quickly but smartly,” said Michael Seeds, legislative director for Rep. Mac Thornberry (R-Texas). “This lays the groundwork for the next Congress…we’re hopeful.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group