Senate to Consider Cybersecurity Overhaul

WASHINGTON — After more than two years of protracted negotiations and numerous legislative rewrites, Senate Majority Leader Harry Reid is preparing to schedule a floor debate for a bill that would overhaul the country’s cybersecurity framework, a senior aide to the Nevada Democrat said on Tuesday.

The bill that would come up for debate, which at the earliest could drop in the next week, would ideally hit the floor in three or four weeks, Tommy Ross, Reid’s senior intelligence and defense advisor, said in a panel discussion here at the annual State of the Net conference.

“Where we are I think this year is in a position where the legislative proposals we’re looking at as well as the level of debate and sort of basic knowledge about the substantive issues that we’re debating in the Senate are far advanced from where we were last year, and almost unrecognizable from where we started out two years ago,” Ross said.

It has been a hard slog to generate broad agreement on a policy area that spans numerous committee jurisdictions and raises a tangle of technical, logistical and civil-liberties questions. Senate staffers have been engaged in ongoing meetings with leaders in the private sector, members of the security community, public-interest groups and others as they have worked to craft a model for securing the nation’s critical digital infrastructure that can garner strong bipartisan support.

The bill that comes up for debate, a composite that is likely to include elements of many of the prior bills various lawmakers have introduced and debated in committee, will be intended only as a first draft, according to Ross, who said that Reid expects an extended debate over amendments to the legislation.

“We’re not going to get it right with the legislation we bring to the floor with our base bill,” he said, adding that some key aspects of cybersecurity policy will by necessity be left out of the final bill. “We call it a comprehensive cybersecurity bill. It’s not comprehensive. It’s not going to touch on a lot of really important elements of cybersecurity because you can’t do it all in one bill.”

But the bill will address critical areas that are left murky under current law, such as the specific extent of government authority over critical infrastructure and language to formalize a process for public and private-sector entities to share information about cyber threats.

The Obama administration weighed in on the cybersecurity debate last May, when the White House delivered its own blueprint for reform to Capitol Hill. The administration is seeking many of the same broad reform initiatives likely to be included in the Senate bill, with a particular emphasis on clarifying and expanding executive authority over private-sector operators of critical infrastructure.

“That increasingly is our concern in the executive branch that there are vulnerabilities in the critical infrastructure that we absolutely need to mitigate, and we are concerned that we do not have the correct authorities to do so effectively in the future,” said Christopher Finan, director for cybersecurity legislation on the White House National Security Staff. “And so you’ll find that at the heart of our proposal are increasing those authorities.”

In the House, the process is less clear. Numerous committees have been debating various cybersecurity bills their members have introduced, underscoring the jurisdictional challenges that have slowed the advance of past legislative efforts.

House staffers at Tuesday’s panel discussion suggested that the most likely outcome would see many of these committees report out their respective bills. That raises the possibility of each awaiting a debate on the House floor, or potentially merging together in a more comprehensive bill that would then have to be reconciled in conference with any measure the Senate passes. It’s also possible that the House leadership could opt to table the debate to see what, if anything, emerges from the Senate.

“I’d be speculating to tell you how the process is going to go,” said Kevin Gronberg, senior counsel for the majority at the House Committee on Homeland Security. Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.