Congress Tackles Data Breaches, Russian Meddling and IT Modernization

Orhan Cam/

Lawmakers will address cybersecurity concerns at two major agencies this week.

The Modernizing Government Technology Act received new life last week with its inclusion in the Senate’s National Defense Authorization Act, but the IT modernization legislation isn’t a done deal yet. Meanwhile, Congress will take a hard look at cybersecurity policies at two agencies this week: the State Department, which plans to shutter a cyber office, and the Securities and Exchange Commission, which disclosed this week that one of its systems was breached.

Will Facebook Become Friends with House Intel? Will Twitter Follow?

Facebook should testify in an open hearing about fake ads Russian operatives placed on the social media site, the committee’s ranking member Rep. Adam Schiff, D-Calif., said Thursday.

The statement came after Facebook turned over thousands of those ads to committee investigators who are probing Russian meddling in the 2016 election. Schiff also called on Google and Twitter to participate in open hearings.

Facebook will testify before the Senate Intelligence Committee sometime this fall, Chairman Richard Burr, R-N.C., said, according to reports.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Lawmakers: It’s Time for a National Data Breach Notification Standard

Lawmakers are renewing a call for a national data breach notification standard in the wake of the massive data breach at the credit rating agency Equifax, which could affect more than 40 percent of Americans. That national standard would replace a patchwork of 48 separate state standards for when companies must notify consumers about breaches.

Calls for the national standard have failed to gain traction in the past, however, partly because privacy advocates are concerned the national standard could be weaker than some state requirements.

SEC and State in the Cyber Hotseat Next Week

Lawmakers will be back in Washington next week with cybersecurity high on their agendas.

On Tuesday, the Senate Banking Committee will hold an oversight hearing on the Securities and Exchange Commission, which disclosed Wednesday (in the 18th paragraph of a press release) that its EDGAR public records system was breached. Meanwhile, the House Foreign Affairs Committee will hold a hearing on Secretary of State Rex Tillerson’s plan to reorganize the State Department, including by downgrading its cyber coordinator’s office.

On Wednesday, the House Homeland Security Committee will hold its regular worldwide threats hearing with top officials from the Homeland Security Department, FBI and National Counterterrorism Center, while the House Oversight Committee will probe the cybersecurity of connected medical devices.

On Thursday, the House Intelligence Committee will review documents in its ongoing investigation of Russian meddling in the 2016 election.

So How Long Until MGT Becomes Law?

It may take a little while longer. The Modernizing Government Technology and OPEN Government Data acts passed inside the Senate’s version of the National Defense Authorization Act Monday, but they still have a long way to go before the president’s desk. A conference committee needs to reconcile differences between the bills—like how MGT Act isn’t in the House version. However, the MGT Act unanimously passed the House in May. In the past few years, the defense authorization bill has hit the president’s desk in December.

Anti-Sex Trafficking Bill’s Unintended Consequences

The Senate Commerce panel held its first public hearing on the Stop Enabling Sex Traffickers Act, a bill designed to stop online forums from facilitating human trafficking. The bill, however, has pitted internet and human rights advocates against each other. The current version, internet law experts say, may discourage web companies from actively trying to remove harmful content and open them up to frivolous lawsuits.  

CBO Scores Senate’s Intel Act

The Senate version of an annual intelligence policy bill would cost the government at least $562 million over four years, according to a Friday estimate from the Congressional Budget Office. That figure doesn’t include classified portions of the Intelligence Authorization Act, though, nor does it take into account a provision that would raise pay rates for federal cybersecurity workers.

Among other provisions, the Senate bill would put the force of law behind a recent Homeland Security Department directive banning software from the Russian antivirus maker Kaspersky Lab from all government systems. The bill passed the Senate Intelligence Committee in July and is awaiting action by the full chamber. The House version of the bill passed that chamber in July.

Education Doesn’t Come Cheap

A separate Senate bill that would expand a National Science Foundation cybersecurity scholarship to include community college students in a pilot program would cost the government $6 million over four years, the budget office found.

Western Governors Endorse Grid Cyber Protection Pilot

Governors of 19 western states have endorsed a bill that would task the Energy Department’s network of national laboratories with helping energy companies secure their infrastructure against cyberattacks on a pilot basis, the bill’s sponsors announced Monday. The letter from the Western Governors Association was addressed to leaders of the Senate Committee on Energy and Natural Resources.