The Hill

Lawmakers: Leaks slowed cybersecurity legislation

The disclosures of classified surveillance programs by former National Security Agency contractor Edward Snowden have further slowed the already ponderous process of passing cybersecurity legislation, and also put U.S. commercial networks at increased risk of attack, the bill's top sponsors said Sept. 12.

Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, said that "misperceptions" created by media reports based on documents leaked by Snowden have slowed efforts to advance the Cyber Intelligence Sharing and Protection Act (CISPA), which the House passed in April.

"We've had great conversations with the Senate. They haven't given up on it. We think that [they] will make a few changes and maybe, hopefully, get a bill sent to the president," Rogers said at the Intelligence and National Security Alliance (INSA) conference in Washington, D.C.

Rep. Dutch Ruppersberger (D-Md.), ranking member on the committee, sounded slightly more pessimistic, saying the bill was currently stalled in the Senate. "We're trying to work on that," he said, appearing on the same stage as Rogers.

CISPA would create a framework for information sharing on cyberthreats between industry and government. The bill is a reworking of a 2011 version that drew considerable criticism from privacy advocates. The latest iteration includes provisions designed to place limits on what the government could do with personal information received as part of threat reports from private industry.

However, news reports of National Security Agency programs designed to collect and retain bulk phone metadata records from telecommunications carriers and details of Internet activity from private firms have significantly reduced the appetite for new cybersecurity legislation. Instead, some legislators on both sides of the aisle are looking for ways to curb the authority of the NSA to collect information.

Rep. Justin Amash (R-Mich.) sponsored an amendment to the Defense authorization bill that would have banned the NSA from storing bulk phone metadata records. The proposal was narrowly defeated. Rep. Rush Holt (D-N.J.) introduced legislation that would roll back some spying authorities granted to the government under the Patriot Act and the Foreign Intelligence Surveillance Act.

Despite the relationships with commercial firms detailed in news reports, the intelligence community still faces a gap when it comes to observing cybersecurity threats faced by private networks, according to senior officials who spoke at the INSA conference.

"We need to have partnerships with industry. We need to understand what is going on within not just our own networks but the nation's networks," Rear Adm. Sean Filipowski, director of intelligence at U.S. Cyber Command, told a panel at the INSA conference.

At a separate panel, Michael Werthheimer, director of research at NSA, said, "You need a legal framework to protect that sharing of information."

Rogers raised the specter of a possible cyberattack on U.S. networks by the Syrian Electronic Army, should the United States pursue military options against Syria. "There are huge vulnerabilities in the private sector system," Rogers said. Without real-time information sharing, the private sector would lack the ability to protect its networks.

The lack of visibility into private-sector networks prevents the intelligence community from getting a top-down view of cyberthreats, said Jim Richberg, deputy national intelligence manager for cyber at the Office of the Director of National Intelligence. "What we definitely need if we're going to produce a holistic view of cyberthreats from an intelligence perspective is finding a way of doing this as a fused, partnered product and process."

That does not necessarily mean that information is not already being shared between private industry and government with regard to network vulnerabilities and threats.

Werthheimer said that in the case of a major flaw in a device or in a piece of important software, the NSA is able to reach out to employees with security clearances at affected companies and discuss how to remediate the problem.

"When you get software updates at home, sometimes major updates you got at home came from NSA," Werthheimer said. "That's part of the role we have to play."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.
