Cybersecurity bill’s outlook still bleak

When sweeping cybersecurity legislation failed to advance in the Senate in August, it went down with a barrage of finger-pointing and posturing. And aides from both parties say that nothing really has changed since it was filibustered.

Senate Majority Leader Harry Reid, D-Nev., is looking to revive the Cybersecurity Act as soon as this week, which seems optimistic given that he had also promised to take up the bill at the beginning of 2012; it didn’t hit the floor until July.

Over the summer, neither side could agree to a set list of amendments. Republicans wanted to tack on provisions dealing with the health care law and abortion. A group of Democrats tried attaching a gun-control amendment.

Last month, Reid accused Republicans of engaging in “tea party-motivated obstruction” over the summer and said that the GOP would have “one more chance to back their words with action” on the issue after the November elections.

Substantive disagreements about the legislation are also unresolved.

Democrats, backed by the White House, are pushing for minimum security standards for certain critical infrastructure companies, such as those that run electric grids or nuclear-power plants. Democrats say they have already compromised by making those standards voluntary instead of enforceable.

Republicans, supported by many businesses and the U.S. Chamber of Commerce, say even voluntary standards could become de facto government regulation, which would only burden companies and do nothing to secure U.S. computer networks from cyberattacks.

Unlike in August, the lame-duck debate will take place in the shadow of an impending executive order by the Obama administration that would establish a system of voluntary standards.

The White House says that Congress will still need to act to fully address some issues, including information-sharing among businesses and government, as well as federal information-security policies. But White House officials say they’re not holding their breath.

“Unfortunately, the current prospects for a comprehensive bill are limited and the risk is too great for the administration not to act,” National Security Council spokeswoman Caitlin Hayden told National Journal Daily. Even if the bill fails to clear the Senate again, it could provide the White House with more political cover for moving forward with an executive order.

All of this sets the stage for additional political posturing, said James Lewis of the Center for Strategic and International Studies.

“By accident, they could pass a symbolic bill, but I think the main goal is to score points off the other sides,” he said. “Why, at this point, they want to do that, I don’t know.”
