Davis: No Lame-Duck Vote on Infosec
Last GOP Oversight Chair Sees No Rush to Pass Cybersecurity Bill
Tom Davis, the last Republican to chair the House committee with primary cybersecurity oversight, says he doesn't expect any quick action on significant IT security legislation when Congress returns for its lame-duck session later this month or in January, when the GOP takes control of the House of Representatives.

And the Virginia Republican, who coauthored the Federal Information Security Management Act and the E-Government Act, says in an interview with GovInfoSecurity.com (transcript below) that the government may not suffer much if lawmakers don't quickly enact IT security legislation.

"A lot of what is needed can be done at the executive branch," Davis says. "You don't need legislation to do a lot of this. It can be an issue to the OMB (Office of Management and Budget) level; it can be an executive order. A lot of this is just congruity within the federal government itself. So there is a lot to be done there."

Still, if Congress should want to act on a significant cybersecurity bill, Davis says he doubts the political bickering on other issues - tax cuts, employment and healthcare, to name a few - would interfere. "Sometimes what you're looking for are legislative victories when you can't get the big things," Davis says. Cybersecurity "is a national security-, homeland security-type issue, and on these kind of issues, sometimes the parties will get together because it has fewer political implications. The political implications with cyber are more around privacy rights and those kinds of things than they are the usual partisan divisions."

In the interview, Davis also praises Rep. Darrell Issa, R-Calif., the new chairman of the House Committee on Oversight and Government Reform - the panel Davis chaired before he left Congress in 2006 - as tech savvy as they come, pointing out that Issa founded the business that produces the Viper car alarm and holds about three dozen patents. "He understands the cyber equation very well," he says. "You want somebody like that sitting in that kind of position."

To some Democrats, Issa is seen as a highly partisan figure who would use his platform as Oversight and Government Reform chairman to investigate the Obama administration and embarrass Democrats, which he has denied.

Could bitter confrontation between Issa and the White House sour relations with Democrats on cybersecurity legislation and oversight, which has proven to be bipartisan? Davis thinks not. "Darrell is going to be strong enough to be able to reach across the lines to coordinate with Carper or Rockefeller or whoever," Davis says, referring to Sens. Tom Carper of Delaware and Jay Rockefeller of West Virginia, Democrats who have backed significant federal government cybersecurity reforms.

Davis, director of Federal Government Affairs at the management consultancy Deloitte & Touche, was interviewed by GovInfoSecurity.com's Eric Chabrow.

Davis on Issa

ERIC CHABROW: Tell us about Darrell Issa, the California Republican who will take over your old job as chair of the House Oversight and Government Reform Committee.

TOM DAVIS: Darrell is as tech-savvy as they come. As you know he started a car alarm company, built into a powerhouse; he still sits on its board. Darrell is a technology whiz, not just in rhetoric, but in its actual applications. He has more patents than any member of Congress. I think he is the owner of like 35 or 38 patents. He understands the cyber equation very well. You want somebody like that sitting in that kind of position.

CHABROW: Would you expect any significant cybersecurity legislation to be enacted in lame-duck session?

DAVIS: No, none. There is no chance.

CHABROW: Not even through the National Defense Authorization Act (that contains a number of IT security provisions)?

DAVIS: No, I don't think so.

CHABROW: And why is that?

DAVIS: I just don't think they are going to do anything in the lame duck. That act has a couple of radioactive provisions in it that the Republicans are not going to allow to go through. And, unless the Democrats drop them, it's a non-starter.

CHABROW: Are you talking about the "don't ask, don't tell" provision on gay rights?

DAVIS: Yeah, and I think there is a hate-crime provision as well. I think those are the two provisions.

CHABROW: So what happens next? There has been a lot of work creating cybersecurity legislation in the past several years. Does anything start from scratch?

DAVIS: First of all, a lot of what is needed can be done at the executive branch. You don't need legislation to do a lot of this. It can be an issue to the OMB (Office of Management and Budget) level; it can be an executive order. A lot of this is just congruity within the federal government itself. So there is a lot to be done there.

The only federal legislation to do things for example, involves the private sector. You may have to look at some FOI (Freedom of Information Act) legislation or some kind of limited tort liability or something like that, or anti-trust provisions to enable the private sector to more fully integrate itself with the government and coordinate; that would take legislation. But in terms of revising FISMA and doing those kind of things, a lot of this can be done just through executive orders.

CHABROW: Actually, they are doing some of that now, aren't they?

DAVIS: Yeah, the FISMA you have all the tools you need. If you want to make a paper exercise you can do that, if you want to operationalize it you can do that.

CHABROW: But an issue such as having a Senate-confirmed cybersecurity coordinator or advisor, things like that, that would be legislation?

DAVIS: The president has a cyber czar and the power he gives that person within his own office is up to him. He can give that person and delegate that person as much power and staff as he wants. He doesn't have to wait for legislation. He can take that person's recommendations and put his signature on it and that carries a lot of weight.

Partisanship Vs. Bipartisanship

CHABROW: There's been basically bipartisan cooperation on a number of cybersecurity bills that have come before Congress in the past several years, and it was bipartisan back when you were there, too. Do you think that tradition will continue?

DAVIS: On this issue it may. I think Darrell is going to be strong enough to be able to reach across the lines and coordinate with Sens. (Tom) Carper or (Jay) Rockefeller or whoever puts them up. The problem legislatively has been a jurisdiction food fight over which committee really has jurisdiction. And as you know, cybersecurity is funded through a number of different committees and a number of different organizations in government, and therefore legislative committees claim jurisdiction over pieces of it, and it's not very well coordinated. I'm not sure that is what we need. I think we need to make this a more coordinative approach to this. That is where legislation could help if you could solve the jurisdiction fight between Intel, Defense and Homeland Security (committees).

CHABROW: Do you see that happening or not really?

DAVIS: I hope it does. It will be a test of leaders to see if it happens. This is not an area that is well understood by most members or leaders, and so somebody has to take the bulls by the horn and push it. That is what I had to do with FISMA. We were able to make it work.

CHABROW: Could other issues prevent this, and what I mean from that is that if the partisan bickering continues over healthcare, tax cuts, immigration, global warming, etc., could that spill over?

DAVIS: That is going to continue. That doesn't mean that some of these other issues can't get resolved. Sometimes that is the best atmosphere to get things resolved; sometimes it's not. It just depends on the leaders and how they interact. It is way too early to predict what happens.

Whenever you quote things in national security, economic security, sometimes the parties will get together and you hope it doesn't take some kind of adverse cyber event to spark a bipartisan interest but sometimes that is what happens. It takes something like that to get them, but members are fully aware of the problem and although there will be standoffs on a lot of issues and I think very little progress in some areas, I don't think that rules out in the cyber space. Darrell Issa is a very tech-savvy guy who understands this, and I think will have the juice if he wants to try to drive this equation.

CHABROW: You mentioned that sometimes this bickering could be a good atmosphere to do something like cybersecurity. Why so?

DAVIS: Sometimes what you're looking for are legislative victories when you can't get the big things. This is a national security-, homeland security-type issue, and on these kind of issues sometimes the parties will get together because it ... has fewer political implications. The political implications with cyber are more around privacy rights and those kinds of things than they are the usual partisan divisions.

About the Author

Eric Chabrow

Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow, who oversees ISMG's GovInfoSecurity and InfoRiskToday, is a veteran multimedia journalist who has covered information technology, government and business. He's the former top editor at the award-winning business journal CIO Insight and a long-time editor and writer at InformationWeek.



