Enacting Cyber Law Remains PossibilityBackroom Maneuvering Could Lead to a Senate Vote
It's not just the Almighty who works in mysterious ways; Congress, too, can be enigmatic as it legislates.
See Also: A Toolkit for CISOs
Conventional wisdom holds that Congress has run out of time in the waning days of the 113th Congress to enact significant cybersecurity legislation. After all, lawmakers over the past six years have mostly agreed on major aspects of various cybersecurity measures, yet none has been approved by both houses of Congress.
This would be the most significant piece of cyber legislation that's been passed by the United States Congress.
But there's nothing conventional about Congress, and word surfaced this past week that lawmakers and their staffs were working behind the scenes to get one or perhaps two pieces of cybersecurity legislation enacted.
"Chairman Carper continues to work closely with his colleagues in the Senate and the House and is hopeful cybersecurity legislation will pass before the end of the year," says a committee aide to Senate Homeland Security and Governmental Affairs Chairman Tom Carper, D-Del., speaking on background.
"That being said, there's still much more work to do in this area," the committee aide says. "He plans to continue to pursue cybersecurity as a top priority in the 114th Congress."
With the 114th Congress convening Jan. 6, Democrats lose their majority in the Senate and Carper surrenders his chairmanship to Sen. Ron Johnson, R-Wis., and becomes the ranking member of the Senate panel.
Best Chance for Passage
The cybersecurity bill given the best chance to be voted on this year in the Senate is the National Cybersecurity and Critical Infrastructure Protection Act of 2014, sponsored by House Homeland Security Committee Chairman Mike McCaul, R.-Texas. That measure passed the House of Representatives with bipartisan support by a voice vote on July 28 (see How House Passed 3 Cybersecurity Bills).
McCaul's congressional staff confirms that he told The Hill newspaper that "a lot of intense negotiations" are going on regarding his bill. His staff also confirms comments McCaul made at a Chamber of Commerce event on Dec. 3: "There had been some movement in the Senate. ... This would be the most significant piece of cyber legislation that's been passed by the United States Congress."
The National Cybersecurity and Critical Infrastructure Protection Act, if enacted, would codify the National Cybersecurity and Communications Integration Center, an agency within the Department of Homeland Security that fosters real-time cyberthreat information sharing with critical infrastructure operators. It also would establish an equal partnership between industry and DHS, and ensure that DHS recognizes industry-led organizations to expedite critical infrastructure protection and incident response. A Senate panel earlier this year passed a similar, but not as comprehensive bill codifying the integration center. For a bill to become law, both houses must pass legislation with identical language.
Should the National Cybersecurity and Critical Infrastructure Protection Act come up for a Senate vote, it would be done under a process known as a "hotline" in which senators agree to bring up a bill for a vote without debate or amendments. Any vote would require the unanimous consent of the senators. If one senator objects, the bill would not be voted on.
To hasten enactment, the Senate would need to pass the exact bill the House approved or have McCaul and House leaders agree in advance to the language of a Senate version of the bill so the House could quickly vote on it.
Reforming FISMA Remains Hope
Supporters of legislation to reform the the Federal Information Security Management Act, the law that governs federal government information security, hold out hope that the bill could find its way to the Oval Office.
The FISMA reform measure, known as the Federal Information Security Modernization Act, passed the Senate Homeland Security and Governmental Affairs Committee last June, but Senate Majority Leader Harry Reid, D-Nev., had not scheduled a floor vote on the measure. Word bubbling up from the inner sanctums of the Capitol says FISMA reform is being "hotlined," but getting all senators to agree on the wording of FISMA reform would require a lot of compromise. The version of FISMA reform that passed the House last year (see FISMA Reform Passes House on 416-0 Vote) does not include Senate provisions to give DHS added authority to help direct the cybersecurity of federal civilian agencies (see FISMA Reform Heads to Senate Floor).
Because of those differences, it's unlikely FISMA reform would pass this year. Yet, don't bet against it; stranger things have happened in Congress.