Election's end revives hope for cybersecurity action

For much of the past year, cybersecurity has itself been a battleground – subject to partisan tug-of-war and unsuccessful legislation on Capitol Hill, as well as the possibility of a White House executive order. Now, as Congress is expected to reconvene on Nov. 13 following President Barack Obama’s re-election, there is cautious optimism in Washington that there may finally be decisive action.

While no one denies the importance of cybersecurity legislation, it’s unclear how high of a priority it will be as the 2013 budget, sequestration, tax cuts and the Farm Bill, among other measures, compete for congressional attention. However, with Obama confirmed for another term in office, the potential for a cyber executive order looks increasingly likely, which would at least partially address cybersecurity regulation for the time being.

Combined with the increasing public awareness of the cyber threat – and subsequent pressure on lawmakers to take action – the end of election season sets the stage for action on cybersecurity, according to a panel of insiders speaking Nov. 7 at the Symantec Government Symposium in Washington.

“There’s the trifecta of knowing who controls the Senate, knowing who the President is and the fact that there’s not an election. That, combined with the executive order looming, has to change the calculation of the people, organizations and stakeholders that sought to and did obstruct legislation,” said Clete Johnson, professional staff and counsel for the Senate Select Committee on Intelligence.

But will that be enough to end congressional infighting that helped curb legislation aiming to secure U.S. critical infrastructure and foster cooperation between government and industry? Both the House and the Senate would be starting from scratch after the Senate’s failed Cybersecurity Act of 2012. Representatives from both sides admit that could be a tall order – especially with so many other critical competing priorities.

“I think it’s difficult to put where on the scale [of legislative priorities] cybersecurity will be. I think both [Speaker of the House John Boehner] and [Senate Majority Leader Harry Reid] have the realization of how important this issue is, and certainly the White House does too,” said Michael Seeds, legislative director for Rep. Mac Thornberry (R-Texas). Still, “anything with the word ‘regulation’ tied to it is going to be difficult to get through the House. I’m not sure how much of that has changed since the election or under the threat of the executive order. I do think a lot of the work we’ve done over the past year is laying the groundwork for continuing the conversation into the next Congress.”

Industry and other non-government stakeholders also have played a critical role in cybersecurity lawmaking. One of the most crucial – and most contested – parts of the various pieces of legislation has been the partnership between government and industry, and those outside influences have played a major role in cybersecurity’s long road through Washington.

“There seemed to be a very loud voice of industry saying, ‘No, don’t do this,’ but I don’t think that was necessarily a unified voice. It just happened to be a loud voice that was out there saying they didn’t want to be regulated, and the rest of industry sort of followed along,” said Tim Molino, director of government relations for the Business Software Alliance. “It is a complicated issue and it is something the government should be involved in at some level. Getting it right is the hard part, and there should be a debate on it.”

Undoubtedly, amid that debate, the two chambers of Congress are watching each other closely to determine the best way to move forward. While there is a sense of wariness regarding the two most controversial parts of proposed bills – regulation of private sector operators of critical infrastructure and protections for information-sharing – there also is a shared sense of confidence.

“There are some difficult differences and these are difficult issues because they’re substantive and politically complex,” Johnson said. “If you have [the legislation] pass in the Senate with the support of the entire military and intelligence establishment and then it goes to the House, could we work it out? I think the Chairman of the Joint Chiefs of Staff can also talk to the House Republicans…so we’re confident that if the political obstructions are removed, enactment follows.”

On the other side, Seeds also expressed hope that the teamwork that so far has gone into cybersecurity will prove effective

“We’ve had the White House, Senate and House all three actively working toward cyber legislation, so…we’re optimistic we can get something done,” Seeds said.