As widely reported, next week will be busy as the House takes up a series (probably) of cybersecurity bills as part of the House Republican Leadership's designated "Cybersecurity Week." Several months ago, I wondered aloud what the House would do on cyber, as the Senate seemed poised and ready to move forward with a comprehensive approach to cybersecurity, while the House had not created a path forward on Congressman Thornberry's Task Force Recommendations. Ironically, cybersecurity is coming, but not in the Senate - at least not in the coming weeks - and the House has leapfrogged ahead of the upper chamber.
It is widely expected that the House will consider the Rogers-Ruppersberger bipartisan Cyber Intelligence Sharing and Protection Act (H.R. 3523), which has run into some rough territory in the past weeks as privacy and civil libertarians have compared it to the doomed SOPA/PIPA legislation that was withdrawn earlier this year. For the record, the bill is far from being a SOPA/PIPA repeat, though the Members are doing the right thing by trying to satisfy those with privacy concerns. The House will likely also consider the Information Security Amendments Act (H.R. 4257), which overhauls FISMA, the Advancing America's Networking and Information Technology Research and Development Act (HR 3834), and the Cybersecurity Enhancement Act (H.R. 2096).
It is unclear whether some form of the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PRECISE; H.R. 3674), introduced by Rep. Lungren in the House Homeland Security Committee, will gather enough support to be considered. The bill had a number of critics, especially with regard to the creation of an information sharing organization and for voluntary measures relating to critical infrastructure protection. Indeed, it had enough criticism to cause Rep. Lungren to essentially strip the bill down to bare bones, in hopes of holding Homeland Security's place in cyber week. The legislation is being marked up today in the House Homeland Security Committee.
It is a bit disheartening that the homeland element of cybersecurity may end up being no more than an asterisk in the cybersecurity debate. Given the amount of effort put into creating the cyber components with DHS, including the merger of the various 1990s entities handling cybersecurity, the Committee should be playing a larger role and be leading the cybersecurity debate.
That said, the House cybersecurity line up, if it evolves as described above, is somewhat comprehensive, even if tackled in a piecemeal approach on the House floor. The passage of any or all of these bills puts pressure on the Senate to act on this important issue.