House takes on cybersecurity bills
The House is set to take the lead in considering a wide range of measures designed to bolster America's cyberdefenses this week, taking on as many as four cybersecurity bills.
Measures coming up during "Cyber Week" include bills that would encourage businesses and government to share threat information; increase cyber research, development, and education; and update federal network security practices.
"From the perspective of America's major innovators, there is no Republican cybersecurity or Democratic cybersecurity. There is only American cybersecurity, where urgent action is needed now," 10 telecom and technology industry groups wrote in a letter to congressional leaders on Wednesday.
Unfortunately, it's not that easy. Pushed by the White House, Senate Homeland Security and Governmental Affairs Committee leaders proposed sweeping legislation that includes greater government oversight of some critical private networks. Senate Republicans, worried about regulation, stymied the momentum with competing legislation based on voluntary measures and incentives for businesses.
While there is bipartisan agreement on the nature of cyberthreats, the path forward for many of the most ambitious bills has been complicated by election-year concerns about government regulation; tension among the many different committees that claim jurisdiction over cybersecurity issues; and differing proposals from the House, the Senate, and the White House.
The Obama administration has tried to win lawmakers over with multiple briefings by heavy hitters from the Homeland Security and Justice departments as well as defense and intelligence agencies. But it doesn't seem to have worked, and as the House bills have neared floor debate, Democrats have chafed at the greater involvement of GOP leaders.
"House Republican leadership appears determined to approach this vital national-security challenge like every other issue: in an extremely partisan way that impedes progress, in this case siding with those in critical industries who are neglecting public safety," Rep. Jim Langevin, D-R.I., cochairman of the bipartisan Congressional Cybersecurity Caucus, said after government cybersecurity-oversight proposals were dropped at the request of House leaders.
One of the most controversial bills is the Cyber Intelligence Sharing and Protection Act, championed by House Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking member Dutch Ruppersberger, D-Md. CISPA uses liability protection and other incentives to encourage businesses to share information about cyberattacks and allow government agencies to share classified information with businesses. Many businesses like its voluntary provisions, while civil-liberties advocates worry about language they say could open the door to government surveillance. The bill enjoys bipartisan support in the House, but the White House says a bill without some federal oversight cannot effectively reduce cyberthreats.
"Legislation without new authorities to address our nation's critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs," National Security Council spokeswoman Caitlin Hayden said on Tuesday.
But CISPA seems to be the bill of choice for House Republican leaders, who pressured the Homeland Security Committee to scale back its Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act, which would have been similar to the White House and Senate proposals. The PRECISE Act's GOP sponsors said that without the changes, the bill would not reach the floor.
That prompted a furious response from the committee's Democrats when PRECISE was marked up on Wednesday. Ranking member Bennie Thompson, D-Miss., complained that Republicans had replaced the "value judgment of dozens of current and former top national-security officials with the narrow view of the House Republican leadership."
The PRECISE Act won't be making an appearance on the House floor until GOP leaders gauge how much support the revised bill has among Democrats, Homeland Security Chairman Peter King, R-N.Y., told National Journal Daily on Friday.
Less-controversial proposals before the House include the Federal Information Security Amendments Act, proposed by Oversight Chairman Darrell Issa, R-Calif., to overhaul federal network-security rules. It would require agencies to take a more proactive approach to cybersecurity, including continuously monitoring their networks.
The Cybersecurity Enhancement Act, sponsored by Rep. Michael McCaul, R-Texas, who cochairs the Congressional Cybersecurity Caucus, would provide for more cybersecurity research and development as well as promote education to develop a larger, more skilled cybersecurity workforce.
House Science, Space, and Technology Chairman Ralph Hall, R-Texas, has a bill, the Advancing America's Networking and Information Technology Research and Development Act, which is aimed at federal cybersecurity research and development programs.
Likely not on the agenda, at least not yet, is the SECURE IT (Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology) Act, introduced by Reps. Mary Bono Mack, R-Calif., and Marsha Blackburn, R-Tenn. This is an industry-friendly cybersecurity bill that mirrors legislation championed by Republicans in the Senate, but it has yet to be marked up by committee.