After hundreds of hearings, presidential speeches, White House summits and thousands of media reports, it’s clear that pretty much everyone agrees that cybersecurity is a one of the biggest challenges facing the nation (just ask former Sony Pictures CEO Amy Pascal or any of Target’s customers). And, unlike most issues in Washington, there is even consensus on the fundamentals for solving the problem – collaborate, share more information and analyze the data collected in order to prepare for the next threat. It’s when you peel back the onion that cybersecurity becomes Churchill’s “riddle wrapped in a mystery inside an enigma.”
Agreeing on Solutions
Only in Washington would “agreeing” on solutions lead to so much debate. In spite of all the fundamental agreement, there are divisions among the biggest players in this space. Take information sharing: we all agree we need to do a better job, but after that, the consensus breaks down. Differences between the tech community’s distrust of the National Security Agency (NSA), companies’ concerns about information sharing liability and the government’s need to be at the center of any solution create a landscape that isn’t quite as conducive to compromise as it might seem at first glance. The absence of notable CEOs from Google, Facebook and Yahoo! at the White House Cybersecurity Summit in the heart of tech country is but one example of how these differences are coming to light.
So where does that leave us? During the last Congress, the House passed legislation, but the Senate bill offered by Sen. Diane Feinstein (D-CA) and Sen. Saxby Chambliss (R-GA retired) never saw the light of day. Consensus failed in part because President Obama wanted more consumer protection, and businesses wanted more liability protection. This year brings new legislation from Sen. Tom Carper (D-DE) in the Senate and Rep. Dutch Ruppersberger (D-MD) in the House, but there is a long distance between a bill being introduced and becoming a law.
What Comes Next
While this is undeniably one of the top policy issues of our time, it is not clear that the issue – which does not require a manufactured crisis to receive attention – carries enough political value to be one of the (few) pieces of legislation that Congress actually commits to in a bipartisan manner. The fact that the most recent legislation was introduced by Democrats in a Republican-controlled Congress certainly doesn’t help.
A pivotal moment for cybersecurity legislation on the Hill may come later this year when Congress considers renewal of portions of the Patriot Act. Privacy advocates will surely call for more transparent operations from the NSA, and many believe that this should happen before any significant cybersecurity legislation is considered. While the Obama Administration recently announced a new agency within DHS that would collect information voluntarily submitted by the private sector, more may need to be done to ensure that the data collected will be used for its intended purpose and nothing more.
Whether you are a candidate in 2016, a CEO of a major corporation or newly confirmed Secretary of Defense, Ash Carter; cybersecurity isn’t going anywhere. Understanding the reasons for disagreement and the nuances of the policy landscape is critical for anyone thinking about weighing in on this issue.
- Does Washington Have the Password for Cybersecurity Policy?by Robert Hoopes
- At White House Cybersecurity Summit, Search for Clarity, Trust Continuesby Corey Ealons
- Cybersecurity: Where Agreeing on Solutions is Only the Beginningby Justin Rouse, Sam Fabens
- A Framework for Securing Your Cyber Vaultby James Baril
- Good Communications Drives Trust in Cybersecurityby Corey Ealons
- To Whom much Data is Given, much Responsibility is Expected
- The Cybersecurity Efforts of Federal Agencies: 101by Zoe Sherman
- VOX Spotlight: VOX Global Named to PR News’ Agency CSR A-list
- View All Editions of The Intersection