The Intersection: Feb 2015

Welcome to The Intersection, a series designed to help you anticipate and prepare for public policy challenges and opportunities.

Subscribe to The Intersection:

Cybersecurity: Where Agreeing on Solutions is Only the Beginning

After hundreds of hearings, presidential speeches, White House summits and thousands of media reports, it’s clear that pretty much everyone agrees that cybersecurity is a one of the biggest challenges facing the nation (just ask former Sony Pictures CEO Amy Pascal or any of Target’s customers). And, unlike most issues in Washington, there is even consensus on the fundamentals for solving the problem – collaborate, share more information and analyze the data collected in order to prepare for the next threat. It’s when you peel back the onion that cybersecurity becomes Churchill’s “riddle wrapped in a mystery inside an enigma.”

Agreeing on Solutions

Only in Washington would “agreeing” on solutions lead to so much debate. In spite of all the fundamental agreement, there are divisions among the biggest players in this space. Take information sharing: we all agree we need to do a better job, but after that, the consensus breaks down. Differences between the tech community’s distrust of the National Security Agency (NSA), companies’ concerns about information sharing liability and the government’s need to be at the center of any solution create a landscape that isn’t quite as conducive to compromise as it might seem at first glance. The absence of notable CEOs from Google, Facebook and Yahoo! at the White House Cybersecurity Summit in the heart of tech country is but one example of how these differences are coming to light.

So where does that leave us? During the last Congress, the House passed legislation, but the Senate bill offered by Sen. Diane Feinstein (D-CA) and Sen. Saxby Chambliss (R-GA retired) never saw the light of day. Consensus failed in part because President Obama wanted more consumer protection, and businesses wanted more liability protection. This year brings new legislation from Sen. Tom Carper (D-DE) in the Senate and Rep. Dutch Ruppersberger (D-MD) in the House, but there is a long distance between a bill being introduced and becoming a law.

What Comes Next

While this is undeniably one of the top policy issues of our time, it is not clear that the issue – which does not require a manufactured crisis to receive attention – carries enough political value to be one of the (few) pieces of legislation that Congress actually commits to in a bipartisan manner. The fact that the most recent legislation was introduced by Democrats in a Republican-controlled Congress certainly doesn’t help.

A pivotal moment for cybersecurity legislation on the Hill may come later this year when Congress considers renewal of portions of the Patriot Act. Privacy advocates will surely call for more transparent operations from the NSA, and many believe that this should happen before any significant cybersecurity legislation is considered. While the Obama Administration recently announced a new agency within DHS that would collect information voluntarily submitted by the private sector, more may need to be done to ensure that the data collected will be used for its intended purpose and nothing more.
Whether you are a candidate in 2016, a CEO of a major corporation or newly confirmed Secretary of Defense, Ash Carter; cybersecurity isn’t going anywhere. Understanding the reasons for disagreement and the nuances of the policy landscape is critical for anyone thinking about weighing in on this issue.





Justin Rouse

Managing Supervisor

202-772-6960 \

Sam Fabens

Senior Vice President

202-772-5012 \