Cybersecurity's Bipartisan Spirit Challenged
Bipartisanship has been the hallmark of information technology and IT security laws enacted by Congress for decades, but the words and actions of some lawmakers last week suggest that the cooperation between Democrats and Republicans may not be as strong on all things cybersecurity as in the past.
Remarks by Sen. John McCain, R.-Ariz., and legislation introduced last week by two Republicans, Kit Bond of Missouri and Orrin Hatch of Utah, are at odds over a bill approved by the Senate Homeland Security and Governmental Affairs Committee that would give much of the day-to-day responsibility to assure civilian agencies IT systems are safeguarded to the Department of Homeland Security.
Though McCain didn't object in a voice vote to approve the Protecting Cyberspace as a National Asset Act of 2010 - the poll of committee members was on a package of bills and confirmations - the Arizona Republican expressed disapproval on how DHS has handled other security matters, such as the failure to identify the individual who tried to detonate an explosive on a jetliner headed to Detroit last Christmas. The Protecting Cyberspace as a National Asset Act, one could say, is a tri-partisan bill because it's sponsored by Sens. Joseph Lieberman of Connecticut, an Independent who caucuses with the Democrats; Susan Collins of Maine, the committee's ranking Republican; and Democrat Tom Carper of Delaware.
But the National Cyber Infrastructure Protection Act of 2010, introduced last week by Bond and Hatch, didn't list any Democrats as cosponsors. It would create a Senate-confirmed director of the National Cyber Center who would report to the president, but whose office would be situated in the Pentagon for administrative purposes. The Lieberman-Collins-Carper bill as well as the House-passed cybersecurity measure would establish a cyberspace office in the White House, Bond said:
"Our bill moves away from the notion that creating a statutory cyber coordinator in the Executive Office of the President will solve the cybersecurity problem. The current cybersecurity coordinator in the White House has neither the authority nor the staff to coordinate the government's wide-range of cyber operations and strategies. Simply enshrining his position in statute will not overcome the claims of executive privilege that are bound to come when Congress asks for information and it will not guarantee the leadership necessary to address the cyber threat."
To foster support for their approach, Bond and Hatch released a letter to Lieberman and Collins from three major IT vendors - Cisco Systems, IBM and Oracle - that questioned elements of the Protecting Cyberspace as a National Asset Act, including granting DHS authority over procurement and testing of new IT security wares. The letter stated:
"The expertise in this area does not currently reside in the DHS, the agency granted regulatory authority under the bill. It's also not clear whether giving significant new regulatory authority to the Department of Homeland Security is the right approach. In December the President appointed a new White House Cybersecurity Coordinator, Howard Schmidt. The Lieberman-Collins-Carper legislation appears to circumvent the cybersecurity coordinator's authority before the office has been given an opportunity to succeed."
The Bond-Hatch bill also establishes a Cyber Defense Alliance, a public-private partnership to facilitate the flow of cyber threat and technology information between the private sector and the government. The Lieberman-Collins-Carper bill's most controversial provision is one in which the president could declare a national cyber emergency, and would impose remedies on the private owners of critical IT systems to protect the national wellbeing. That bill has provisions that would involve the private sector in developing the remedies. Still, Bond said:
"Our bill does not impose mandates on industry and the private sector mandates and regulations that form the core of other bills, raising substantial concerns among our industry and private sector partners. Our economy is in turmoil as it is and the last thing we need are mandates imposed on U.S. businesses that will put them at a serious competitive disadvantage and jeopardize their proprietary information in the global marketplace. Many industry partners have told us that if we mandate this it would put them at a competitive disadvantage."
The potential of regulation - or how far government should go in regulating the private owners of the critical national IT infrastructure - has been a potential threat to the bipartisanship of cybersecurity.
But for now, bipartisanship on cybersecurity is far from dead. In February, when the House passed the Cybersecurity Enhancement Act by a 422-5 vote in February, the Democratic and Republican sponsors fawned over one another. Said Republican cosponsor Michael McCaul of Texas:
"When it comes to security matters, and I think a lot of science and technology matters, we worked in a very bipartisan way, and again, I think that's what the American people really want and deserve out of this Congress. I'm glad we saw a little bit of that bipartisanship here today on the House floor."
And there's other evidence of bipartisanship in Congress these days. McCaul cosponsored a bill to establish a cyberspace office in the White House with Rep. James Langevin, D-R.I., that became part of a rider attached to the Defense Authorization Act passed by the House late last month. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R.-Maine, are the chief sponsors of the Cybersecurity Act of 2010, a bill focused on IT security practices, research and education.
On most issues, bipartisanship remains elusive, and one could wonder whether cybersecurity could fall victim to inter-party squabbling. As Jim Lewis, the project leader of the Commission on the Cybersecurity for the 44th Presidency, said earlier this year:
"Eventually, everything in America will become partisan down to the shape of whatever goes on top of the National Christmas Tree, but so far we have dodged it and hopefully we can take advantage of the grace period as a nation to get some useful measures through."