The Public Eye with Eric Chabrow

Getting a Cybersecurity Law Enacted

Getting a Cybersecurity Law Enacted

The blogosphere and Twitter are alive with misinformation (what else is new?) or, more kindly, premature supposition about how the Senate will tackle cybersecurity legislation.

Last week, I interviewed Sen. Tom Carper, the Delaware Democrat who as chair of a subcommittee with government IT security oversight, has some sway over how legislation will be handled in the upper house. Still, in the current political environment, getting 60 votes to pass even a resolution declaring Labor Day is in September, as Carper puts it, is problematic. One senator's prediction on what might occur is just that, a prediction, not a fait accompli.

Carper told me, and I reported, that the easiest path for the Senate to pass cybersecurity reform was to attach the measure to the Senate version of the National Defense Authorization Act, the annual law that specifies the budget and expenditures of the military. (That's the path House backers of cybersecurity reform took.) It's a popular bill to attach riders because the legislation is a shoo in for passage. And Carper said the cybersecurity would be appropriate for the defense bill because IT security is part of national defense. Also, Carper said offering the measure as a standalone bill opens it up for amendments that could bog down the legislation when Congress is running out of time this year to act.

But one senator mapping out a logical path to passage doesn't mean that's how the Senate will vote on cybersecurity legislation.

One blogger concluded Carper's comments meant "Congress may sneak through Internet 'kill switch' in defense bill," with another blogger offered a more sinister interpretation: "Congress to clandestinely impose Internet dictatorship." That posting began:

"Buried in the lead of this article is the fact that Congress is up to their old tricks. Because it is politically infeasible to pass a takeover of the Internet on merit alone, Congress is attempting to attach the much talked about Internet 'kill switch' as a rider to the Senate Defense Bill."

True, Congress' arcane ways to enact legislation such as attaching bills as riders to other measures such as the National Defense Authorization Act often lacks transparency, but both houses have held a numerous public hearings on IT security, and lawmakers haven't been shy in expressing their views on the matter. In fact, the legislation has evolved because of concerns raised about aspects of the bill, including how much power should Congress grant the president in dealing with a cyber emergency.

The bloggers who point that the measure will include the Internet kill switch to grant the president power to shutter parts of the Internet in a cyber emergency - a power some contend he already has - reach a conclusion that the legislation's final version has been drafted. It has not.

Sure, Congress should be more open on how it tackles cybersecurity legislation, just as it should with all else it does. But within the bounds of how Congress conducts its business, nothing sinister is going on. It's just the ugly approach of representative democracy in action.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.