The 112th Congress, by all accounts, will be a busy one on the cybersecurity front. Both the House and the Senate have taken actions to suggest that Congress intends to be active legislatively, though likely in very different ways.
This week, several Democrats introduced S. 21, "Cyber Security and American Cyber Competitiveness Act of 2011." The bill is a series of findings, coupled with a sense of Congress, that places a marker for a future comprehensive bill. The senators called for bipartisan legislation that address the following issues:
1) U.S. government communications and IT network security
2) Incentives for the private sector
3) Investment in the IT sector
4) Development of risk analysis and response capabilities
5) Data breach protections
6) International response to cybersecurity issues
7) Critical infrastructure protection, in particular the electric grid, military assets, financial sector, and telecommunications network
8) Cybercrime investigation and prosecution
9) Privacy protections
Many of these issues were addressed in bills introduced or supported by the various committee chairs during the last Congress. It is expected that many of these bills will be merged into one, continuing the efforts begun last year to merge the Rockefeller-Snowe and Lieberman-Collins cybersecurity bills. Interestingly, even though Sens. Feinstein and Levin, chairs of the Intelligence and Armed Services Committees, respectively, co-sponsored S. 21, the findings and Sense of Congress do not appear to address the military and intelligence aspects of cybersecurity. This exclusion begs the question on whether efforts by the Defense Department and the intelligence agencies to lead on cybersecurity will prevail in the long term.
In the House, Speaker Boehner appointed Rep. Mac Thornberry in late December to lead a House initiative on cybersecurity. Thornberry, who is also Vice-Chairman of the Armed Services Committee, is one of the most knowledgeable members on the issue. In 2003-2004, he served as the chairman of the House Homeland Security Committee Subcommittee on Cybersecurity, Science, and Research and Development, where he, with his Ranking Member Zoe Lofgren, spent a significant amount of time collaborating with the private sector and examining how to strengthen cybersecurity efforts. His experience on the Intelligence, Armed Services, and Homeland Security Committees should mean that he brings a balanced perspective to addressing the cybersecurity challenges.
While Thornberry has not announced how the House will proceed on cybersecurity, it is largely expected that it will tackle the issue in smaller pieces of legislation. The maze of committees with jurisdiction over the issue, as well as the potential conflict between those committees, may make it more difficult to resolve jurisdictional issues in the way that the Senate has. It is not impossible, just a significant lift, if anything is to get done this Congress. I would expect the various likely committees with interests -- Homeland Security, Armed Services, Intelligence, Science & Technology, Energy & Commerce, and Government Reform -- may likely move smaller bills that address issues within their jurisdiction. However, the House is still in the early stages of its cyber efforts so this prediction may change.
What is clear is that Congress is intent on doing something on cybersecurity during the 112th. In the past, we have seen congressional interest ebb and flow, but this time it feels different. Maybe it is because businesses are more focused on the subject, with more entities offering services and products to address the issue. Maybe it is because the press has focused on it more, as threats against the electric grid and WikiLeaks has put the topic front and center. Or perhaps, momentum is building behind the proliferation of smartphones, networked devices, and Internet services that has made security online so prominent.