Even if a bill gets through the Senate, the path forward is unclear.
There is a lot of chatter on and around Capitol Hill about the possibility that the Senate will be taking up cybersecurity in July. It is unclear at this point which bill or issues will make it to the floor or even if any effort will garner enough support to pass, though more voices are calling for some sort of compromise. While those following cybersecurity legislation await some possible post-4th fireworks in the Senate on what was once a non-partisan issue, there is a larger question looming in the background: What's next?
Even if cybersecurity legislation does get through the Senate, there is not a clear path forward for reconciling that bill (or bills) with any or all of the House cybersecurity measures passed earlier this year. Congress is only in session a short span in July, before lawmakers exit for August recess. September will be an even shorter work period before attention is turned to home districts and the upcoming elections. There is much talk of an end of the year marathon, but with the debt, sequestration, appropriations, tax cut extensions and other headline-grabbing topics front and center, will there be room for negotiated cybersecurity legislation? Could it be attached to another moving vehicle in hopes of passage? What would "it" be anyway?
Short of a cyber-tragedy, it is hard to see a clear trajectory for a cyber bill to reach President Obama's desk. Not impossible, but the stars would have to align perfectly. More likely, we will see the cyber debates move into 2013. If they do, expect some of the same issues -- information sharing, critical infrastructure regulatory structures, workforce challenges, research and development, and the Federal Information Security Management Act -- to remain at the forefront of discussions. Data breaches, which have long been treated as a "privacy/consumer" issue – also could be blended into larger efforts. In addition, in light of Stuxnet, increased IP theft from abroad, and Flame, how the U.S. plays on the international cyber front also could be addressed.
First, the Senate has to act.