The Public Eye with Eric Chabrow

White House Not Counting on Cybersecurity Legislation, Yet

White House Not Counting on Cybersecurity Legislation, Yet

Ask Capitol Hill odds makers, and the likelihood of any significant cybersecurity legislation reaching President Obama's desk this year is 50-50, at best. Those odds diminish as we close in on the November election, and senators and representatives concentrate more on getting reelected than passing legislation.

Does that bother the White House? That's a question I put to Howard Schmidt, the White House cybersecurity coordinator, during my one-on-one chat with him last week at RSA Conference 2010 in San Francisco.

Schmidt didn't provide a direct answer, but said the administration is exploring through internal discussions and conversations with key lawmakers what Congress should do - and should not do - legislatively to advance efforts to secure government systems and the nation's critical IT infrastructure.

"That's sort of the landscape I'm looking at now, sort of identifying what is and what should not be."

What is the landscape in Congress as related to cybersecurity legislation? A number of bills have been introduced, but three standout: the House-passed Cybersecurity Enhancement Act now before the Senate; the United States Information and Communications Enhancement Act, or U.S. ICE, which would update the 8-year-old Federal Information Security Management Act; and the comprehensive Cybersecurity Act. Plus, Sen. Joseph Lieberman has said he plans to introduce a wide-ranging cybersecurity measure this session. (See What Next? Cybersecurity Legislation in the Senate for further details on these bills.)

Schmidt, in discussing legislative options, outlined steps the administration is taking to change FISMA compliance to emphasize real-time monitoring of IT systems versus the paper-compliance agency must follow now. Those steps, he said, should be issued in new Office of Management and Budget directives expected next month. So is legislation such as U.S. ICE needed? Here's Schmidt's response:

"I don't know. That's one of the things we're working with the legislative folks as well as the agencies and as well as with Congress. It's hard to say to pass something, when we don't know what that something is, and that's a challenge we have. What is it we need? What are the authorities that we've got, and what gaps are there, if there are any gaps? If there not, then we better be exercising the authorities we've got to affect long term, permanent change."

Legislation is just one part of coordinating government cybersecurity, and Schmidt admitted he hadn't had the bandwidth to examine closely the Cybersecurity Enhancement Act. That said, the special assistant to the president emphasized his desire to work closely with Congress.

"It's one of the things that's really important that Congress coalesce around their viewpoint on cybersecurity as well, because there's a lot of equities in there, and looking at this and getting the visibility into it is important. But, it's got to be done in a very constructive way, and that's why I'm looking forward to continuing to work with them."

Noting the difficulty of getting any type of legislation passed this year, especially in the Senate, I asked Schmidt: Are you concerned that any potential administration-sought cybersecurity legislation would stall in Congress? He responded:

"I don't think so. I mean, my experience up there both now and in my private-sector capacity has been, Congress has been pretty united; we're looking to solve problems as opposed to creating divisiveness in certain issues. So, and in my experience in the past month that I've been up there, everyone has unilaterally said, 'We're here to help; tell us what we need to do.'"

But that help may not come for another year.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.