Fate of cyber bills hangs on lame-duck session

By Max Cacas
Reporter
Federal News Radio

As National Cybersecurity Awareness Month comes to a close, the talk on Capitol Hill is once again turning to the consideration and passage of comprehensive legislation to beef up cybersecurity. With Congress slated to return for a lame duck session two weeks after next Tuesday’s elections, what are the chances for a cybersecurity bill to be approved before the books close on the 111th Congress in December?

“It looks to me like comprehensive legislation will probably wait until next year,” said Louis Tucker, Republican staff director with the Senate Select Committee on Intelligence during a panel discussion on cybersecurity legislation sponsored by the Heritage Foundation Tuesday.

Tucker came to stump on behalf of a cybersecurity bill promoted by Sens. Kit Bond (R-Mo.), and Orrin Hatch (R-Utah), called the National Cyberinfrastructure Protection Act of 2010.

Advertisement

“This act was built on three principles,” he said. “First, we must be clear on what Congress can legislate on, and more importantly, where it should not legislate. Second, there must be one person in charge of cybersecurity for the federal government. Third, we need a voluntary public-private partnership to facilitate sharing cyber-threat information, research and technical support.”

Though this cybersecurity bill is not the measure that enjoys the most support in the Senate, Tucker said it is superior to other legislation now under consideration.

“Senators Bond and Hatch believe Congress should take care of what is needed most first, and that means organizing the federal government’s defenses, and creating the mechanism for sharing information with the private sector, and that’s it,” he said. “The rest can be tweaked over time.”

Tucker said the Bond-Hatch Bill takes a different approach than other legislation which he said takes a “parochial or committee-specific approach to this issue.”

The other legislation is S. 3480, the Protecting Cyberspace as a National Asset Act of 2010. Backed by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) — the chairman and ranking member, respectively, of the Homeland Security and Governmental Affairs Committee, and Sen. Tom Carper (D-Del.). The measure currently enjoys the support of Senate Majority Leader Harry Reid (Nev.).

But prior to lawmakers leaving town to campaign for re-election, the measure was bogged down over disputes over which agency should be responsible for private sector cybersecurity, and how much authority the White House should have over private sector networks in the event of a cyber emergency.

“We need one element of our government focused on federal civilian systems, with operational authorities to enforce compliance with standards that are developed by NIST, and to develop best practices,” said Brandon Milhorn, the minority staff director for the Homeland Security Committee, and one of the principal architects of S. 3480.

Milhorn said Collins’ priority was to see that this function ended up in the agency which she feels is best suited and equipped to handle cybersecurity.

“The committee’s response to that concern was to create a center within the Department of Homeland Security to collapse all of the cyber-responsibilities that the Department already had,” he said.

Milhorn added the goal is to give this center clear responsibility for enforcing NIST’s cybersecurity protocols, and to build a broad civilian approach to cybersecurity.

John Kneuer, CEO of JKC Consulting, and the former assistant Commerce secretary in charge of the National Telecommunications and Information Administration under the Bush 43 administration, said he agreed with that aspect of the Lieberman-Collins bill.

“It’s a good idea to have a centralized point of contact in the federal government,” he said, “where the federal government can share information with the private sector, and more importantly, that information can flow back in.”

Kneuer said he’d rather see quick legislative action on the immediate need for a central government authority to facilitate cybersecurity information sharing, than a comprehensive bill, which he does not feel will pass during the lame duck session of Congress.

(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)