Cybersecurity legislation slowing in the Senate should leave us wondering if interest in the subject is receding for a time.
In the past, I have written on the ebbs and flows of government interest in cybersecurity, dating back to as early as 1998. For the last 14 years we have seen the government turn its attention to cyber, stressing the need for action, only to turn its attention elsewhere in short order. This has all happened despite threats of a Digital Pearl Harbor, threats from terrorists, and, most recently, threats from foreign nations (such as China).
The slowing of cybersecurity legislation within the Senate should leave us wondering if we are experiencing an ebb tide, coming off of the high tide of House action and constant news cycles of cyber threats and leading us into a lull where cyber is no longer in the headlines.
More than a year ago I wrote that this time around the atmosphere around cyber felt different. It seemed as if the will was there to move cybersecurity legislation and the administration's focus was strong. In the interim, we've seen cybersecurity become a political beast, with partisanship driving some of the inaction in Congress. At the same time, post SOPA/PIPA, civil liberties and privacy have led Members to question cybersecurity efforts. I wonder if my earlier assessment needs adjusting -- the atmosphere still seems different, but perhaps the result will be the same.
We've also seen cybersecurity leaders within the administration exit through the side door -- from the Homeland Security Department's Phil Reitinger and Greg Schaffer to the recent announcement that White House Cyber Czar Howard Schmidt is retiring. Granted, well-qualified albeit very different credentialed individuals stepped in to replace these leaders. Given the relatively smooth transitions (and expected transition in Schmidt's case) between the appointees, the changing of the guard perhaps isn't a good indicator of an ebb tide, but rather a recognition that cybersecurity has matured in the federal government space and is less about personalities and more about the substantive work continuing.
That said, how cybersecurity proceeds in Congress and how the administration chooses to address the issue internally over the next several months should make it clear whether it is receding after being at high tide for most of the past two years. Hopefully this is not the case as I worry, given our increased reliance on technology and the growing threats from a variety of global players, that the high tide that will follow any low may be too much for us to handle.