CQ HOMELAND SECURITY
Nov. 25, 2008 – 7:51 p.m.
Congress Likely to Fill in the Blanks on Obama’s Broad Cybersecurity Vision
By Daniel Fowler, CQ Staff
President-elect Barack Obama and key congressional Democrats are in sync in their desire to improve the nation’s cybersecurity. Sketching in the details is likely to be a joint effort.
“I absolutely see that much greater attention’s going to be paid to cybersecurity than in the past, both by the current Bush administration and even in past sessions of Congress,” said Rep. Jim Langevin , D-R.I., who chairs the Homeland Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.
So where does Obama plan to focus his cyber-efforts?
A close look at his campaign document entitled “Strengthening Homeland Security” reveals an answer — everywhere — that isn’t especially helpful.
Obama’s cyberpriorities are so expansive that Democratic lawmakers would be hard pressed to raise a cyber-initiative that couldn’t be grouped under at least one of them.
The document lays out priorities for bolstering the nation’s cybersecurity including strengthening federal leadership on cybersecurity, beginning a safe computing research and develop effort, hardening the country’s cyber-infrastructure, developing a comprehensive cybersecurity and response strategy and protecting the information technology infrastructure that keeps the nation’s economy safe.
Other priorities are preventing corporate cyber-espionage, developing a cybercrime strategy to reduce opportunities for criminals to profit, mandating standards for securing personal data and requiring companies to disclose data breaches involving personal information.
“As president, I’ll make cybersecurity the top priority that it should be in the 21st century,” Obama said in his prepared remarks for a July 16 speech at Purdue University on confronting new threats. “I’ll declare our cyber-infrastructure a strategic asset, and appoint a National Cyber Adviser who will report directly to me. We’ll coordinate efforts across the federal government, implement a truly national cybersecurity policy, and tighten standards to secure information — from networks that power the federal government, to the networks that you use in your personal lives.”
To achieve his goal of a building a “trustworthy and accountable cyber-infrastructure that is resilient, protects America’s competitive advantage, and advances our national and homeland security,” Obama intends to engage the private sector, research community and the public, he said in his plan, in which he criticized the Bush administration for shrouding the Comprehensive National Cybersecurity Initiative in secrecy and proceeding “without adequate consultation rather than engaging the public and the private sector and leading the nation to address this threat.”
Calling on Congress
Obama isn’t alone in thinking that engagement is key, but it is Congress and others that have so far begun to fill in the gaps in the lofty rhetoric.
“He recognizes, I believe . . . as I do, that the partnership between the public and private sector has really suffered over the last eight years,” said Langevin, who along with Michael McCaul , R-Texas, recently founded the House Cybersecurity Caucus.
“Both sides are . . . extremely distrustful of one another. In order to get this right, that has to change and I believe that President Obama and his advisers will be the vehicle to achieve that mission.”
Congress Likely to Fill in the Blanks on Obama’s Broad Cybersecurity Vision
According to Leslie Phillips, a spokeswoman for Sen. Joseph I. Lieberman , I-Conn., who chairs the Homeland Security and Governmental Affairs Committee, “One of [the Bush administration’s] weaknesses has been its relationship with the private sector — in terms of working collaboratively, sharing information, and seeking input from those who will be most involved.”
She said Lieberman and Susan Collins of Maine, the committee’s ranking Republican, raised those issues with the White House repeatedly.
“Given the vast private ownership of cyber and other critical infrastructure, it is crucial that this relationship be a two-way street if we are to improve our cybersecurity in coming years,” Phillips said.
C.A. Dutch Ruppersberger , D-Md., chairman of the House Intelligence Technical and Tactical Intelligence Subcommittee, said he thinks Congress and the Obama administration will “put more resources, more people” and have a “more aggressive education plan so the public understands” the seriousness of the cybersecurity issue.
In terms of legislation, Langevin, Lieberman and Sen. Thomas R. Carper , D-Del., all suggested the Federal Information Security Management Act (PL 107-347) should be overhauled.
“Legislatively, we hope to complement President-elect Obama’s plan to improve oversight of all aspects of information technology in the federal government,” said an aide for Carper’s Senate Homeland Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security.
“Sen. Carper’s legislation (
Carper’s legislation was reported out of Senate Homeland in September, but saw no action in the full Senate.
“That’s clearly in need of overhaul, to update and improve it,” Langevin said of FISMA.
In addition, Phillips said Lieberman favors legislation that would strengthen the Federal Energy Regulatory Commission’s “authority to regulate the electric sector’s cybersecurity practices” and Langevin said a data privacy breach notification bill is also likely.
Several breach notification bills were introduced during the 110th Congress, but none were enacted.
Outside Advice
Earlier this month, the Internet Security Alliance recommended that the government employ a social contract model for cybersecurity, similar to the “agreement between government and the utilities in the early 20th century which had the goal of providing universal phone, power, and light service to Americans.”
Congress Likely to Fill in the Blanks on Obama’s Broad Cybersecurity Vision
The “Cyber Security Social Contract” model calls for the government to offer incentives for private sector investment to improve cybersecurity that is “not justified by current business plans,” but that addresses the public interest, according to the report.
On Dec. 8, the Center for Strategic and International Studies’ Commission on Cyber Security for the 44th Presidency is scheduled to release its report with recommendations for Obama.
“There’s 22 recommendations,” said James Lewis, a senior fellow at CSIS, who directs its Technology and Public Policy program. “I think we’d be thrilled if even a handful of them were picked up. . . . There’s some good ideas in there.”
In September, members of the commission discussed some of their recommendations at one of Langevin’s subcommittee hearings.
The group suggested that cybersecurity has become such a critical issue that it needs to be addressed at the highest level — the White House — rather than having the Homeland Security Department as the top entity involved in the mission.
“We’re going to push to make sure that a lot of these recommendations are implemented,” said Langevin, who is a commission co-chair. “Since the people that are on this commission are some of the most renowned experts on cybersecurity — both in and out of government — across the country today . . . I would expect that the findings of the commission are going to have a great weight and respect from day one.”
According to Langevin, “you very well could see some legislative initiatives to help to implement the findings of the CSIS commission.”
“From the briefings the committee has received on the report, Sen. Lieberman believes the report will contain useful recommendations that both he and the next administration should give serious consideration to,” Phillips said.
Daniel Fowler can be reached at dfowler@cq.com.
POST A COMMENT
Oops! The following errors must be addressed: