Lawmakers Working on Cybersecurity Contingency Plan
Rep. Michael McCaul, R-Texas, is working with lawmakers on a contingency plan in case the Senate fails to produce a cybersecurity bill this month, the Congressional Cybersecurity Caucus co-chairman said during an event hosted by the American Foreign Policy Council. It’s “highly likely” that Senate Majority Leader Harry Reid, D-Nev., plans to bring cybersecurity legislation to the floor for debate between now and the August recess, his spokesman told us separately, “but we still have to get through the outsourcing and Bush tax cut bills first.”
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
If the Senate fails to agree upon a comprehensive cybersecurity bill next week, McCaul said he has a meeting scheduled with several House and Senate lawmakers to discuss a way forward. McCaul plans to recommend to Senate lawmakers that they consider the four House cybersecurity bills as standalone bills, he said without specifying when the meeting will be or who will attend. In April, House lawmakers passed four cybersecurity bills during its so-called cyberweek: the Cyber Intelligence Sharing and Protection Act (HR-3523), the Federal Information Security Amendments Act (HR-4257), the Cybersecurity Enhancement Act (HR-2096), and the Advancing America’s Networking and Information Technology Research and Development Act (HR-3834).
McCaul expressed his concern that the Senate Cybersecurity Act (S-2105) places undue mandates and regulations on the private sector. “The one thing I learned from the [Stop Online Piracy Act] debate is don’t tread on the Internet,” he said. Instead cybersecurity legislation should harden federal networks, increase educational awareness of cybersecurity, secure the U.S. IT supply chain and increase information sharing between the public and private sector, McCaul said.
Cybersecurity legislation should authorize the Department of Homeland Security (DHS) to take on the lead role if domestic networks came under a cyberattack, McCaul said. “With the NSA, you don’t want to militarize [the Web], that’s why DHS as a civilian agency is more appropriate as the lead role domestically,” he said. “I think it’s better to do what we are doing in terms of sharing that cyberthreat information with the private sector through NSA and having DHS working with the NSA and DOD together.”
McCaul said he was “very disappointed” that House leaders shelved the House Homeland Security Committee’s cybersecurity bill, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (HR-3624). The bill, which was authored by Committee Chairman Dan Lungren, R-Calif., was dropped from consideration despite undergoing major revisions intended to make the bill more palatable to critics in industry (CD April 19 p8). The bill “should have gotten more buy-in from stakeholders” because it would have codified into law the existing authorities granted by the executive branch, McCaul said.