Obama Urged to Push Cybersecurity In Upcoming State of the Union Address

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Rep. James R. Langevin (D-R.I.), a member of the House Intelligence Committee, Feb. 5 sent a letter to President Obama urging him to use his upcoming State of the Union address to make a renewed push for legislative action on cybersecurity.

Langevin, a co-founder of the Congressional Cybersecurity Caucus, raised concerns about the rise of cyber-attacks against critical U.S. computer networks in the government and private sector and the potential for a major national security disaster, if the trend continues.

Hearings Expected

In the face of increasing reports of cyber-attacks on U.S. businesses and government agencies, several committee chairmen in the House and Senate also recently signaled plans to address cybersecurity within the current Congress.

“The cyber attacks against our economic and national security are growing and affecting all corners of our society, from government to private businesses and critical infrastructure,” Senate Commerce Chairman John D. Rockefeller IV (D-W.Va.) said in a statement sent to BNA Feb. 5. “We can't wait any longer to protect ourselves from these threats and I know my colleagues agree that passing cybersecurity legislation is a priority.”

Similar statements came from Senate Homeland Security Chairman Thomas R. Carper (D-Del.), as well as House Homeland Security Chairman Michael T. McCaul (R-Texas) and House Intelligence Chairman Mike Rogers (R-Mich.).

A Carper spokeswoman told BNA Feb. 5 that the senator is planning to hold a cybersecurity hearing in the near future.


Congressional Research Service--Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions (2/5/13)

McCaul, who, along with Carper, is also a new committee chairman, said in a Feb. statement that recent cyber-attacks are “further evidence that we must harden our networks against espionage by enacting comprehensive cybersecurity legislation to bolster our defenses against enemies who seek to steal our intelligence, intellectual property and dismantle our critical infrastructure.”

A McCaul spokeswoman told BNA Feb. 5 that cybersecurity-related hearings are expected in the coming months, although the committee has not released a schedule.

Rogers said in a Feb. 5 statement that foreign cyber-attackers are targeting “every aspect of the American economy every day and Congress needs to act with urgency to protect our national security and our economy.”

Carper said he is committed to working with the administration and congressional colleagues to reach a solution on a comprehensive cybersecurity measure “as soon as possible.”

“These latest reports of yet more sophisticated cyber attacks … underscore the scary reality of how vulnerable we really are to cyber criminals, terrorists, and nation-states seeking to use technology to steal from us or do us harm,” Carper said.

2012 Push Failed

The previous Congress failed to enact cybersecurity legislation, although it was a top priority for House and Senate leaders, as well as the president.

Obama, in his 2012 State of the Union address, highlighted the importance of strengthening the nation's cybersecurity posture, noting that his administration had submitted a legislative proposal to Congress (11 PVLR 192, 1/30/12).

A key sticking point in the debate over how to approach cybersecurity was whether the federal government should have a role in ensuring that critical parts of the private sector are meeting adequate cybersecurity standards. The White House and leading congressional Democrats favored such a role for the government, but many Republicans objected, and no agreement was reached.

In the 112th Congress, Rockefeller was among a group of senators who introduced and unsuccessfully pushed for passage of a comprehensive bill dubbed the Cybersecurity Act (S. 3414). The measure called for a government-administered program to encourage “critical infrastructure” operators to adopt voluntary cybersecurity best practices.

Senate Majority Leader Harry Reid (D-Nev.) twice attempted to pass the legislation, but Republicans blocked the measure both times (11 PVLR 1711, 12/3/12).

The Chamber of Commerce actively lobbied against the bill, arguing that the proposed standards could lead to government regulations. Recently, however, Rockefeller released a report that said Fortune 500 companies have mixed views about his cybersecurity legislation (12 PVLR 189, 2/4/13).

The 112th House passed a package of business-friendly cybersecurity bills that included a narrow Rogers measure (H.R. 3523) to strengthen cyberthreat information sharing between the government and the private sector (11 PVLR 721, 4/30/12). Cybersecurity Act sponsors and the White House rejected the House package, however, saying that it did not go far enough.

Meanwhile, in light of congressional inaction so far, the White House is expected to issue an executive order on cybersecurity (12 PVLR 136, 1/28/13). Republicans have balked at the idea, however, and there has been broad consensus, even among proponents, that an executive order could serve as only a short-term solution at best.

By Alexei Alexis  

Langevin's letter is available at http://langevin.house.gov/press-release/awaiting-executive-order-langevin-urges-president-emphasize-cyber-state-union.

Request Bloomberg Law: Privacy & Data Security