OVERNIGHT TECH: Next steps for the cybersecurity framework

THE LEDE: With the Obama administration’s cybersecurity framework officially launched, many are waiting to see what the federal government does next to encourage companies to adopt best practices.

The administration released its voluntary cybersecurity framework Wednesday, a year after President Obama’s executive order on cybersecurity, which directed the Commerce Department’s National Institute of Standards and Technology to create the framework. The document sets voluntary guidelines and benchmarks for private critical infrastructure companies to protect against and respond to cyber threats.


The administration is still “trying to figure out what incentives they can offer to encourage companies to adopt the framework,” which will be a “work in progress for several years, according to Paul Tiao, former cybersecurity adviser to FBI Director Robert Mueller, currently a partner at Hunton and Williams’s privacy and data security practice.

The administration will also have to determine how it wants to measure the success of the program because the framework can be applied differently by each company and does not come with reporting requirements, he said.

“Adopting the framework can mean a lot of different things to a lot of different people,” he said.

Robert Mayer, vice president of industry and state affairs at US Telecom Association, pointed to the Department of Homeland Security’s voluntary outreach and resource program, also unveiled on Wednesday. Mayer called it “a very important program and an incentive that’s in place,” and said it remains to be seen how well the Department can scale the program as more and more companies adopt the framework and need the program’s resources.

As the framework gets implemented, some are calling on Congress to pass complimentary cybersecurity legislation, either to address policy areas not addressed by the framework or to provide incentives for companies to participate in the voluntary program.

In his statement on the framework, Obama urged “Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties.”

“While I believe today’s Framework marks a turning point, it’s clear that much more work needs to be done to enhance our cybersecurity,” he said.

Michelle Richardson, legislative counsel at the ACLU, said there “is still room to legislate” in other cybersecurity areas that would compliment the framework, including bolstering the Department of Homeland Security’s authority and increasing funding for cybersecurity-related research and development.

Richardson said Congress should not consider legislation that would allow private companies and government entities to share sensitive information without necessary privacy protections.

“Huge grants of immunity for collecting and using information are absolutely politically unfeasible and are not going to pass anytime soon,” she said.

While many attempts at cybersecurity legislation have failed in the past, the recent spate of high-profile data breaches may change the landscape, Tiao said. 

Members of Congress have called for more attention to be focused on the recent high-profile data breaches in the retail sector, including by holding hearings, which “suggests that this set of breaches has had an impact on Congress,” he said. “It is still early, but it’s possible that these breaches that might create momentum for movement on cybersecurity legislation.”

FCC Republican wants diverse input: Mike O’Rielly, a Republican commissioner at the Federal Communications Commission (FCC), said Wednesday that the agency needs more input from diverse voices.

“We need your diverse views and voices on the record,” especially when it comes to areas where the FCC could overreach, “which we’re prone to do,” he said, speaking at an event hosted by the American Enterprise Institute. Groups like AEI should provide their perspectives and analyses to the FCC, as the agency “finds a way to slant the discussion to help justifying new regulations,” he said.

O’Rielly said he could not comment on FCC Chairman Tom Wheeler’s plans to respond to the recent court decision that overturned the agency’s net neutrality rules. Earlier this week, Wheeler said he would be announcing next steps in the coming days.

“I’ve heard very little so far,” O’Rielly said of Wheeler’s plans.

House panel sets online sales tax hearing: The House Judiciary Committee is planning to hold a hearing on an online sales tax on March 4, according to a committee aide. Witnesses have yet to be announced, but retailers have said that they consider the issue one of their most important for the year.

Supporters of a tax on online sales say that “e-fairness” would level the playing field for brick-and-mortar stores that lose out when customers shop online to avoid paying sales tax. Opponents say that it would force small businesses to comply with a mess of state and local tax laws.

The House has been ground zero for the effort since last summer, when the Senate passed the Marketplace Fairness Act. The bill lets states collect taxes when people buy from out-of-state businesses.

Franken to reintroduce location privacy bill: Sen. Al FrankenAlan (Al) Stuart FrankenTake Trump literally and seriously in Minnesota Ninth woman accuses Al Franken of inappropriate contact Al Franken to host SiriusXM radio show MORE (D-Minn.) will reintroduce a bill requiring that consumers give clear consent before information from their GPS devices can be collected or shared, he said.

The decision comes after the Democrat received information from the automaker Ford about how it uses GPS tracking in its vehicles. Franken has previously pressed the company on its data tracking, and said on Wednesday that he was concerned it is using fine print on its user agreements to get people’s consent for the tracking.

“This is sensitive information—and notices to consumers about this sensitive data shouldn’t get lost in fine print,” he said in a statement.

The Location Privacy Protection Act made it through the Judiciary Committee in 2012 but never got a vote on the floor.

Utah bill targets NSA: A bill in Utah’s state legislature would turn off the water at the National Security Agency’s (NSA) facility in the state. The bill from state Rep. Marc Roberts (R), which follows a string of similar efforts to prevent state utilities from supporting the agency, would threaten the massive data center the NSA keeps outside of Salt Lake City, which relies on about 1.7 million gallons of water a day to cool its computers.

The Utah bill is modeled after draft legislation written by the Tenth Amendment Center, a states’ rights organization, that would prevent a state from being able to grant any support or assistance to a federal agency that gathers data with a specific warrant. Supporters of the effort say that states should not be offering support to the NSA or any other any federal agency that collects information about people without a warrant.

Similar bills have been introduced in a handful of other states including Maryland, where the spy agency's headquarters is based.

Comcast brings on lobbying muscle: Comcast has hired a new lobbyist at Holland and Knight to help push its issues on Capitol Hill.

Paul Bock, a former staffer on the Senate Judiciary Committee and the ex-chief of staff to former Sen. Herb Kohl (D-Wis.), will lobby for the company on patent law reform and the federal law regulating telecommunications, according to a lobbying disclosure report filed this week.

Bock will also be helping on “tax extenders legislation,” which carries over various temporary tax deductions from year to year. 



The Obama administration released a long-awaited framework for cybersecurity that is intended to nudge businesses toward strengthening their networks against attacks. 

Sen. Rand PaulRandal (Rand) Howard PaulRand Paul calls for probe of Democrats over Ukraine letter Sunday Show Preview: Trump's allies and administration defend decision on Syria Ana Navarro clashes with Rand Paul in fiery exchange: 'Don't mansplain!' MORE (R-Ky.) filed a class-action lawsuit against the Obama administration for violating the privacy rights of millions of Americans. 

The collection of phone records by the NSA has no basis in the law, a member of an independent federal advisory board said.

Sens. Jay RockefellerJohn (Jay) Davison RockefellerBottom Line World Health Day: It's time to fight preventable disease Lobbying World MORE (D-W.Va.) and Ed MarkeyEdward (Ed) John MarkeyDemocrats urge Rick Perry not to roll back lightbulb efficiency rules Ocasio-Cortez taps supporters for donations as former primary opponent pitches for Kennedy Rep. Joe Kennedy has history on his side in Senate bid MORE (D-Mass.) introduced a bill that would rein in the companies that silently track and label consumers for marketing purposes. 

Dozens of House lawmakers want the Obama administration to release the secret “black budget” used to fund intelligence agencies. 


Please send tips and comments to Kate Tummarello, katet@thehill.com, and Julian Hattem, jhattem@thehill.com

Follow Hillicon Valley on Twitter: @HilliconValley, @ktummarello, @jmhattem