Administration Said It Is Close to Issuing New Cybersecurity Priorities for Congress

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Alexei Alexis  

A senior Commerce Department official March 14 said the Obama administration should be ready soon to issue a new set of principles to guide legislative action on cybersecurity.

“I think we can get [a set of legislative principles] out the door soon,” Ari Schwartz, a senior policy adviser at the Commerce Department, said at a cybersecurity event sponsored by trade association USTelecom.

Despite a recent executive order addressing cybersecurity, the administration has been telling Congress that legislative action is still needed.


Despite a recent executive order addressing cybersecurity, the administration has been telling Congress that legislative action is still needed.  

White House spokeswoman Caitlin Hayden said the administration will provide specific legislative priorities in this area that will build upon a legislative proposal submitted to Congress in May 2011 (10 PVLR 730, 5/16/11) and will take into account two years of public and congressional discourse about how best to improve the nation's cybersecurity.

On March 13, a Department of Justice official testified before the House Judiciary Subcommittee on Crime, Terrorism, Homeland Security and Investigations on legislative changes needed to existing laws that criminalize interference with computers (see related report).

The House Intelligence Committee may mark up cybersecurity legislation in April (see related report).

Regulatory Review Required

Under the executive order issued by President Obama Feb. 12, the National Institute of Standards and Technology was directed to come up with voluntary cybersecurity standards for the nation's critical infrastructure, in collaboration with industry and other stakeholders (12 PVLR 257, 2/18/13).

The executive order charged the Department of Homeland Security with coordinating a program to promote the NIST standards and to identify incentives for adoption.

In addition, regulatory agencies were directed to review existing cybersecurity mandates and determine if they are sufficient, and whether any current rules can be eliminated as no longer effective. If the existing regulations are ineffective or insufficient, agencies are directed to propose “prioritized, risk-based, efficient, and coordinated actions … to mitigate cyber risk.”

The order also called for the government to improve its sharing of cyberthreat information with the private sector, while ensuring privacy and civil liberties safeguards.

“Although this executive order will help raise the nation's cyber defenses, it does not obviate the urgent need for legislation in these and other areas of cybersecurity,” Hayden told BNA March 14.

Homeland Security Secretary Janet Napolitano March 7 urged Congress to enact a comprehensive cybersecurity package that would assist the administration with advancing standards for critical parts of the private sector by giving relevant agencies the necessary regulatory authority to implement their assigned tasks (12 PVLR 427, 3/11/13).

By Alexei Alexis