Legislation

Cyber order could help shape later law

U.S. Capitol Dome - Photo by the Architect of the Capitol

The expected cybersecurity executive order should serve as a template for action when Congress once again takes up cybersecurity legislation, according to Capitol Hill insiders speaking at 1105 Government Events’ Oct. 22 cybersecurity conference.

The order will be useful for guidance regardless of any potential post-election power shifts, they said.

(1105 Government Events is part of 1105 Media, the parent company of FCW.)

“There are a lot of moving pieces, but the ground has now been plowed. No matter who’s in leadership position, the awareness has been raised, people are on the record and we have leaders on both sides of the aisle [agreeing] something needs to be done. The rest is just details,” said Clete Johnson, counsel in the office of Sen. Jay Rockefeller (D-W.Va.) and lead staffer on the Senate Select Committee on Intelligence. “Whatever happens in November, I don’t think too much more time is going to pass before we do what we need to do, no matter who the leadership is."

There are limitations on what the executive order can encompass, though, which means that legislation still is critical to national security in cyberspace. An executive order cannot codify, meaning it relies on existing statutes that it cannot alter – a significant issue for information-sharing, which is crucial to cybersecurity action.

“The EO could [address] government-private sector information-sharing; the problem is the limits on what it can do for private-to-private and private-to-government,” particularly with regard to liability concerns, Johnson said. “It would require amending electronic privacy statutes, and an EO can’t do that. It’s a major problem since information-sharing is one of the two cornerstones.”

The other cornerstone is critical infrastructure, which has challenges of its own in an executive order.

“Critical infrastructure is mostly life-or-death-type systems…the difficulty with them is defining which are critical and then [addressing] the ‘ad hocracy’ or ad-hoc approach to them that our government and society bring to securing those systems,” Johnson noted.

“How do you promote best practices, leadership and accountability?” Johnson asked. “The most important thing is how do you allow private-sector market incentives and dynamics to drive a race to the top on cybersecurity, as opposed to [a government-led] top-down approach.”

Another problem is the range of policies and governance employed across the critical infrastructure sector. The patchwork nature of the regulations are presenting a hurdle for the White House, according to Trey Hodgkins, TechAmerica’s senior vice president, global public sector.

“One challenge the White House indicated they’re undertaking is going through the existing authorities for each sector,” said Hodgkins, who has met with stakeholders from the government and private sector regarding the executive order. “Since there aren’t uniformities across the sector, they are attempting to understand existing authorities and what they may or may not be able to do.”

Even after the executive order – if it does indeed become a reality – there will still be an uphill battle on the Hill, where partisan stalemates could threaten action once again.

“It’s very difficult to predict procedurally how [legislation will] go through. We hope something can happen swiftly but at same time…we have to first do no harm. We have to make sure we’re still doing what we think is the right way to move forward. We have to work quickly but smartly,” said Michael Seeds, legislative director for Rep. Mac Thornberry (R-Texas). “This lays the groundwork for the next Congress…we’re hopeful.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group