The most optimistic Congressional observers (a rare breed in Washington) have dared express the view that the recently enacted two-year budget agreement may encourage representatives and senators of both political parties to come together to tackle other important issues.
While placing too much hope on the 113th Congress seems to be a recipe for disappointment, movement on the cybersecurity front may prove that it is indeed possible to replicate the feat of congressional legerdemain pulled off by Sen. Patty Murray (D-Wash.) and Rep. Paul Ryan (R-Wis.) last December.
This legislation, the National Cybersecurity and Critical Infrastructure Protection (NCCIP) Act, is coming together at a propitious time. The recent massive cyber assault on Target and the smaller-scale attacks that seem to be revealed almost daily serve as a reminder that this is a public policy area that needs immediate attention.
Scheduled for Committee markup in the coming weeks, the NCCIP would not have been possible without the sustained leadership of Homeland Security Committee chair Michael McCaul (R-Texas), ranking member Bennie Thompson (D-Miss), and their counterparts on the Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee, Reps. Patrick Meehan (R-Penn.), and Yvette Clarke (D-N.Y.).
The bill in its present form would codify and strengthen civilian cybersecurity authorities within DHS consistent with policy doctrine under both President Bush and Obama, help DHS expand its work with the private sector, and amend the Safety Act to establish a threshold for qualifying cyber incidents to help address liability issues related to cybersecurity. All of these are important objectives and hopefully the legislation will be reported overwhelmingly to the House for further consideration.
Although the bill is not perfect, Reps. McCaul, Thompson, Meehan, and Clarke should be commended for negotiating a strong bipartisan measure that has garnered substantial stakeholder support. The legislation is supported by diverse industry leaders such as AT&T, the Financial Services Roundtable, American Gas Association, and by privacy groups, such as the American Civil Liberties Union.
While the House Republican leadership has not yet agreed to move the bill, these four House members may have provided the spark needed to spur action on meaningful cybersecurity reform. If it passes the NCCIP Act, the House will have moved legislation addressing the three key areas of cybersecurity reform: (1) removing information sharing barriers; (2) updating the Federal Information Security Management Act to require continuous diagnostic monitoring; and (3) providing statutory clarity for DHS to establish civilian leadership over cyber security. While all of these will require additional amendment to satisfy White House concerns, taken together they form the basis for meaningful reform.
Anyone who has had their credit card compromised or personal information stolen can attest to the fact that cybersecurity threats grow greater with each passing day. Clearly, additional legislation is required to address our nation’s cyber vulnerabilities.
While conventional wisdom is that little legislation moves during an election year, Reps. McCaul, Thompson, Meehan, and Clarke have provided members in both parties and both chambers with another example of the benefits of compromise and the power of bipartisan leadership.
Peacock is vice president of Cornerstone Government Affairs. He joined Cornerstone in May 2013 and co-leads the homeland security practice group along with Michelle Mrdeza. He was previously Assistant DHS Secretary for Legislative Affairs in the Obama administration and former Judiciary Committee counsel to then Senator Joseph R. Biden, Jr.