Cybersecurity legislation is sort of popular in this Congress. Several bills have been introduced, but there are enough cybersecurity bills working through the process that it’s unclear whether or not anything will be passed by the time this Congress ends in the fall. The latest cybersecurity legislation was introduced yesterday by Senators Lieberman, Collins and Carper. All three are members of the Senate Committee on Homeland Security and Governmental Affairs. You can watch the press conference announcing the bill online.
This legislation, called the Protecting Cyberspace as a National Asset Act, covers (among other things) the establishment of a National Office of Cyberspace Policy (in the Executive Office of the President, the creation of a National Center for Cybersecurity and Communications within the Department of Homeland Security, and revisions to the Federal Information Security Management Act. It also reintroduces the concerns about broad executive power over the Internet expressed by many when Senator Rockefeller introduced his cybersecurity bill last year. My read of the bill suggests that the language is not as clear cut on the extent of this power as it was in early drafts of the Rockefeller bill. In other words, the possibility of this power is in the bill, just not as explicitly as it was in other legislation.
This bill would place government-wide strategic and budgetary planning in the National Office, with operational responsibilities located in the National Center. This separation may resolve the debate between some members of Congress on where cybersecurity responsibility should be placed within the federal government – the White House or the Department of Homeland Security. But the more significant bottleneck to achieving passage of cybersecurity legislation will be negotiating which bills get consideration on the Senate and House floors.