Congress Must ‘Take the Lead’ on Cybersecurity, Ex-Rep. Stearns Says
Congress “is going to have to take the lead” on cybersecurity, said former Rep. Cliff Stearns, R-Fla., at an FCBA event Wednesday night. Stearns is now a senior adviser at APCO Worldwide. Although President Barack Obama issued a cybersecurity executive order in February, Stearns said he believes “it has gone nowhere. You need some kind of leadership in the House and Senate to say ’this is the basic standards that we've got to go forward with.’ Absent that, industry is going to have to work within themselves.” Although the House passed the Cyber Intelligence Sharing and Protection Act earlier this year, similar information sharing legislation will be difficult to pass in either the House or Senate following leaks about the controversial National Security Agency surveillance programs, Stearns said.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
CISPA contains 29 separate privacy protections, and staff to House Intelligence Committee Chairman Mike Rogers, R-Mich., repeatedly consulted privacy and civil liberties organizations as they shaped the final bill, said Diane Rinaldo, Rogers’ legislative director. Rogers’ office is continuing to meet with members of the Senate on a regular basis and “we're hopeful” about the prospects for a cybersecurity information sharing bill there, Rinaldo said. Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., and ranking member Saxby Chambliss, R-Ga., have been working on an information sharing bill that Chambliss has said is “very close” to being released (CD Oct 9 p6). A Chambliss spokeswoman said Thursday that Feinstein and Chambliss “are still working on it.” Rinaldo said she doesn’t expect the Feinstein-Chambliss bill to be a “clone of CISPA,” but that her office is instead hoping the bill will be something that, if passed, would be similar enough that it could be worked on in conference.
The Senate has decided to take a piecemeal approach to passing cybersecurity legislation in the 113th Congress -- a shift in tactics after the Senate didn’t pass the comprehensive Cybersecurity Act of 2012, said Senate Commerce Committee General Counsel John Williams. The Senate Commerce Committee has already passed its “piece of the puzzle” -- the Cybersecurity Act of 2013 (S-1353) -- and is waiting for the Feinstein-Chambliss bill and legislation from the Senate Homeland Security Committee to also drop, Williams said. “The idea is we're all working on our pieces of legislation and then we'll all sit together and work it out,” he said. S-1353, which awaits consideration by the full Senate, would authorize the National Institute of Standards and Technology to work with industry to develop cybersecurity standards on an ongoing basis after it releases the final version of the Cybersecurity Framework in February. The bill would also strengthen the government’s cyber research, education and public awareness efforts (CD July 26 p9).
NIST wants to “have a conversation” with industry stakeholders to determine the best independent governance structure for future framework revisions, said Kevin Stine, NIST’s manager-Security Outreach and Integration Group, Computer Security Division. Industry was always meant to lead the framework’s development and revisions, but it’s also “not something we can develop and then walk away” from, Stine said. NIST plans to make future governance a main topic of a framework development workshop set for Nov. 14-15 at North Carolina State University’s Centennial campus in Raleigh, Stine said. Part of that governance discussion will have to deal with “finding the right balance” for NIST’s future involvement, he said. (jphillips@warren-news.com)