Senate committee finds few hurdles with cyber proposal

WFED's Jason Miller on the Federal Drive

wfedstaff | June 4, 2015 6:26 am

Download audio

By Jason Miller
Executive Editor
Federal News Radio

The White House’s cybersecurity proposal made it through its first hurdle Monday as Senate Homeland Security and Governmental Affairs Committee members offered wide support for it.

Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.), the three sponsors of one of the major cybersecurity bills now before Congress, applauded the administration’s approach in that it followed closely to their bill.

“The White House’s proposed cybersecurity legislation represents a turning point in our efforts to pass the strong measures we need to protect consumers, businesses, critical infrastructure and our national security from terrorist, spies and crooks,” said Lieberman, the committee’s chairman, during a hearing on the administration’s proposal. “I’m pleased not just by the appearance by the administration’s cyber legislation, but also by its substance.”

Advertisement

Collins, the committee’s ranking member, offered general praise, but also questioned several areas that the administration left out or overlooked.

“I am pleased the administration has now fully engaged on the imperative issues of cybersecurity,” Collins said. “[T]he government’s overall approach to cybersecurity has been disjointed and uncoordinated.”

The Senate seems committed to passing comprehensive cybersecurity legislation this year that brings together major pieces of the White House’s bill, and the assortment of others lawmakers introduced over the past few months.

“The majority leader, Senator [Harry] Reid, has taken a very active interest in this legislation,” Lieberman said. “It remains a priority of his for this session. I’ve said to him I believe this is the most important piece of legislation coming out of our Homeland Security Committee in this session. He is working, I’m pleased to say, with Republican leader Sen. Mitch McConnell. There are five or six different committees of the Senate that claim some part of the jurisdiction over this subject matter. I believe it’s the intention of the bipartisan leadership of the Senate to establish a process by which all those committees can as quickly as possible negotiate any remaining differences in the bills that have come out of committee.”

One Senate source said a vote on the comprehensive cybersecurity legislation could come to the floor as early as July.

Lieberman said almost all of the differences between his committee’s bill and the Commerce, Science and Transportation Committee’s version have been worked out.

But there are at least three other committees with a lot of interest in cyber legislation. Lieberman said Reid’s groups will not come together until after the administration testifies as much as five more times on its proposal.

Monday’s hearing before Lieberman and Collins’ committee showed just how much common ground exists now, but also some potential sticking points emerged.

One of the biggest remaining hurdles is whether the legislation should update the President’s power for overseeing the Internet in the case of a national emergency.

Collins said she was “baffled” about why the administration is relying on the Communications Act of 1934.

“This is an area where we should be thinking ahead about exactly what authorities we want the President to have rather than leaving it ambiguous, rather than relying on a 1934 law that allows the President to take over control of radio stations,” she said. “This just doesn’t make sense to me. I hope you will work further with us to carefully define what the authorities are and to update the law.”

Phil Reitinger, the Homeland Security Department’s deputy undersecretary for the National Protection and Programs Directorate, signaled the administration would be willing to discuss an update.

“The statutory authorities in this space were written long ago and were not designed with the current enforcement in mind,” Reitinger said. “There are authorities there. The administration’s bill doesn’t include any additional emergency authorities for the President. Neither the committee or the administration sought or seeks any Internet kill switch. This is however a critical issue. This is a key area where I hope there would be further discussions between administration and the Congress to figure out the right set of mechanisms, if any, that were necessary to move forward in this space.”

Collins also asked why the Justice Department didn’t recommend amendments to the 77-year-old act.

Jason Chipman, the senior counsel to the deputy attorney general, said the administration wants to discuss this issue with Congress.

“The issue of what emergency powers are needed tends to be very context driven,” he said. “So the answer to that question I think becomes fairly nuanced depending on the type of emergency the government is facing. The work DHS has done to create a national cyber incident response plan is quite key. But beyond that it merits discussion.”

Lieberman also supports an update to the President’s powers.

Collins and Lieberman also questioned why the administration’s bill didn’t include a Senate-confirmed cybersecurity coordinator.

“I believe that cybersecurity at DHS must be led by a strong and empowered director who can close coordination gaps that currently exist,” Collins said. “The director should report to the secretary of Homeland Security and also serve as a principal advisor to the President on cybersecurity.”

Reitinger didn’t comment during the hearing on whether the administration is willing to discuss such a position.

Collins also would like to see an interagency cybersecurity organization set up similar to the National Counterterrorism Center (NCTC).

She said DHS would lead the effort, and it would include the departments of Defense, Justice and Commerce and the Office of the Director for National Intelligence among others.

“I can’t help but be struck by the irony that we have four departments represented here today and that is a very good thing because it shows the administration is working across departments,” she said. “But it’s ironic because, unlike our bill, the administration chose not to include in its bill an entity similar to the National Counterterrorism Center, which would bring together within DHS representatives from all of your agencies as well as ODNI and other agencies so we would institutionalize the kind of coordination and cooperation you’ve described that is occurring informally.”

Another big issue is around liability for vendors take action to protect their critical infrastructure operations from cyber attacks.

The Lieberman-Collins-Carper bill includes broader protections for companies than the White House proposal.

Lieberman said this issue may not be so much with the White House, but between Democrats and Republicans. He said he hopes the two sides can work through it.

Reitinger said there are some liability protections that currently exist under law to share information and protect government networks.

“This could end up to be a real obstacle to the passage of this bill,” Lieberman said. “It would be good to work together to try to find the common ground.”

(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)