It’s Cyber Reform All Over Again

Remember the 1993 movie Groundhog Day? Bill Murray, as meteorologist Phil, finds himself in a small town, waking up each day to find that he is reliving February 2.  Stuck in an infinite time loop, the same day occurs again and again.

Hmmm. This week is cyberweek in the House of Representatives. The controversial Cyber Intelligence Sharing and Protection Act known as CISPA is up for consideration, and the chamber on Tuesday passed a reform of FISMA, the 2002 Federal Information Security Management Act, as well as two bills out of the Science Committee dealing with workforce and R&D.

On April 17, 2012 -- almost exactly a year ago --  I wrote a blog titled Cybersecurity is Coming! Cybersecurity is Coming!

It is starting to feel a lot like Groundhog Day in Washington. Will this year be any different than last, with separate smaller bills dealing with only some of the issues making it through the House only to get stuck in the Senate over issues relating to regulation and who should be in charge?

The White House on Tuesday warned that CISPA still needs improvements: “If the bill, as currently crafted, were presented to the president, his senior advisors would recommend that he veto the bill,” the statement of administrative policy said.

Still, some factors are different this year and could change cyber reform’s fate. Here are a few:

·        Senate Leadership Changes. Sens. Tom Carper, D-Del., and Tom Coburn, R-Okla., took over this year as chair and ranking member, respectively, on the Homeland Security & Government Affairs Committee.  They have not shown their hands yet but are working on a cybersecurity bill.  They would like a bipartisan product that has wide support.  This changing dynamic could make them more likely to move away from the issues that tanked the bill last Congress. Or not.

·        The President’s Executive Order.  The EO, issued in January, covers potential best practices, standards and the like for critical infrastructure, among other things. It may be just enough to give Senate leaders flexibility to not legislate on the issue that had the most opposition in the last Congress. Or it may cause opponents to want to push forward with something to counter it.  

·        Additional House Bills.  In addition to the bills on the floor this week, media reports have indicated that the House Judiciary and Homeland Security Committees will have bills ready to go in the next month.  These bills are seen as complements to those going this week and possibly will include cybercrime provisions, information sharing and Department of Homeland Securities authorities.

·        The China threat.  The debate is no longer about cyber 9-11s or Pearl Harbors lurking around the corner. This time around it is about the threat from China.  Private sector security companies such as Mandiant have reportedly confirmed that the Chinese government is hacking into American systems and stealing information. The vulnerability of those systems -- including the possibility that systems hacked for information can also be hacked to be destroyed or damaged -- is a threat that many want to see addressed.

·        Privacy.  While privacy played a role in the debate last year, privacy groups and lawmakers concerned about the issue were not as vocal or as organized as they seem to be this year.  All of the bills will be scrutinized to assure that the government is not overreaching in its efforts to protect networks and share information.

Only time will tell if Congress can break its time loop.  The big question is – if it does – what will final legislation look like and will it advance the nation’s cybersecurity efforts, even as the opposition becomes more sophisticated and utilizes evolving technologies and tools?