Carper, left, and Coburn, center, have been exploring legislation that could include changes to the government’s efforts to secure its own computer networks and codification of the cybersecurity role of the Homeland Security Department.
Congress almost certainly won’t pass any kind of major cybersecurity legislation in 2013, according to industry officials, lobbyists and others who track the issue.
Protecting the nation’s cyber infrastructure has been a top priority for the White House and many lawmakers, but the legislative effort has been done in by fugitive intelligence contractor Edward Snowden’s leaks, a crowded congressional agenda, differing views over the role of the Department of Homeland Security and affiliated organizations, and a wait-and-see approach to an executive branch cybersecurity initiative that won’t be wrapped up until next year.
Lawmakers are still likely to keep discussing cybersecurity, and the legislative push could get revived in 2014. The U.S. Chamber of Commerce is holding its second annual cybersecurity summit Wednesday, and another summit is happening the same day at the National Press Club.
Leaders of the Senate Homeland Security and Governmental Affairs Committee are working together to come up with bipartisan legislation. A House Homeland Security subcommittee last week approved a smaller cybersecurity bill (HR 3107) that would seek to strengthen the government’s cybersecurity workforce, and the committee as a whole is working to write broader legislation.
But that broader House Homeland Security draft bill is an example of some of the hurdles in the way of enacting a cybersecurity measure this year.
Chairman Michael McCaul, R-Texas, has acknowledged that the bill slipped off the schedule this summer after the uproar over Snowden’s revelations about National Security Agency programs. And it has encountered resistance from some in the industry who oppose language that they fear would federalize sector coordinating councils — private sector organizations that frequently partner with the Department of Homeland Security.
Some in industry, such as Larry Clinton, president and CEO of the Internet Security Alliance, would prefer that Congress hold off on aspects of cybersecurity legislation until the Obama administration completes work on its cybersecurity framework, a voluntary initiative meant to incentivize protection of critical computer systems by their private sector owners.
“I think that it is unlikely that we’re going to see serious legislative activity in this calendar year,” Clinton said. “The real activity is not going to happen until after the framework is finalized, and that doesn’t come until February, 2014.”
After that, there could be a legislative push in a variety of directions depending on how the framework turns out — such as for a more regulatory approach, or for incentives that the administration can’t put in place without Congress’ help, said Clinton. In the meantime, Clinton said Congress could hold hearings on aspects of the framework in preparation for winter action.