Will Cyber Bills Fall Victim to Midterm Election?
Jan. 23 marks Sen. Tom Carper's 63rd birthday, and in an interview with the Delaware Democrat nearly a year ago, the chairman of a subcommittee with cybersecurity oversight predicted his bill to reform the Federal Information Security Management Act would be signed by President Obama in a Rose Garden ceremony on that date. Don't count on the White House chef baking a cake to celebrate the senator's birthday or enactment of a new cybersecurity law.
By one conservative count, Carper's U.S. Information and Communications Enhancement Act is one of at least a dozen-and-a-half cybersecurity-related bills introduced in the current Congress. And, Sen. Joseph Lieberman, the Independent Democrat who chairs the Senate Homeland Security and Government Affairs Committee, promises to introduce an omnibus cybersecurity measure in the coming weeks.
Will any substantial cybersecurity bill be enacted this year?
One of the more astute observers of the intersection of cybersecurity and the legislative process is James Lewis, a senior fellow at the Center for Strategic and International Studies, the public-policy group that hosts the Commission on Cybersecurity for the 44th Presidency, which he serves as project director. I asked Lewis, in an interview (which will be posted in the coming days), are you optimistic about any cybersecurity bill of consequence being enacted in this session of Congress? He answered:
"No. I think what you're going to see are some very good bills introduced and long series of debates leading up to the end of the year. And, then the question is, will midterm elections derail this or will they be able to get something through? So, the best time to ask that question will be in September, when people come back. Will we see things put up for a vote? It's possible, there are some really good ideas in the legislation, and I hope some of them get through."
Will no action be a result of the upcoming midterm Congressional campaigns or specific provisions in the bills? The campaign looms larger than specific provisions, Lewis said, adding:
"That means the CPU time available for significant new legislation will decrease. The bills have whole sets of provisions in them. You've probably seen the Rockefeller-Snowe bill; some have controversial parts, some don't. The bills themselves are pretty good, the ones I've seen, certainly the Rockefeller-Snowe bill has some really great stuff in that. But the question is: Will the timing work out that the Congress can get to them?
Perhaps Congress this year won't enact meaningful cybersecurity legislation but will set the stage for passage in early 2011, just in time for Carper's 64th birthday.
GovInfoSecurity.com is presenting the Lewis interview in two parts. His comments on the prospects of cybersecurity legislation appears in Part 2, which will be posted shortly.
In Part 1, which has been posted, Lewis grades President Obama on his first-year cybersecurity performance and also discusses:
- How the cybersecurity coordinator's position could evolve into a more independent role, similar to that of the U.S. trade representative.
- Challenges the new cybersecurity coordinator, Howard Schmidt, face, including avoiding mistakes made by previous administrations.
- Why the federal government must take the lead in securing America's key digital assets, despite the fact that much of the nation's critical IT infrastructure is owned by business.