Embed Size (px)
DESCRIPTION
This issue of Capitol Wire focuses on US cyber strategy, specifically digital-security policy.
Citation preview
Inspiring People. Shaping the Future.
WASHINGTON, DC1101 New York Avenue, NWSuite 901Washington, DC 20005 USAContact: Tyson BarkerE-mail: tyson.barker@bertelsmann-
foundation.orgTel: (+1) 202.384.1993www.bertelsmann-foundation.org
BRUSSELSRésidence PalaceRue de la Loi 1551040 Brussels, BelgiumContact: Thomas FischerE-mail: thomas.fischer@bertelsmann-
stiftung.deTel: (+32 2) 280.2830www.bertelsmann-stiftung.de/brussels
©Copyright 2010, Bertelsmann Foundation. All rights reserved.
The Brussels Connection to Capitol Hill
CapitolWire
CapitolWire is a joint publication of the Bertelsmann Foundation offices in Washington, DC and Brussels. It connects the European Parliament
to Congressional policy and politics, and contributes to a common trans-Atlantic political culture. CapitolWire is an occasional publication that
highlights issues, legislation and policymakers relevant to the European Parliament’s legislative cycle. This publication also looks at the Congress
from the point of view of European Parliament staffers and offers timely operational analysis.
Contact:TysonBarkerE-mail: tyson.barker@bertelsmann- foundation.orgTel: (+1)202.384.1993www.bertelsmann-foundation.org
Contact:ThomasFischerE-mail: thomas.fischer@bertelsmann- stiftung.deTel: (+322)280.2830www.bertelsmann-stiftung.de/brussels
ABOUT THE BERTELSMANN FOUNDATION: TheBertelsmannFoundationisaprivate,nonpartisanoperatingfoundation,workingtopromoteandstrengthentrans-Atlanticcooperation.Servingasaplatformforopendialogueamongkeystakeholders,theFoundationdevelopspracticalpolicy
recommendationsonissuescentraltosuccessfuldevelopmentofbothsidesoftheocean.
©Copyright 2011, Bertelsmann Foundation. All rights reserved.
JULY
20
11
Following similar strategic moves
undertaken since last year in Germany
and the United Kingdom, the Obama
administration announced in May that it
would begin pursuing a fundamentally
overhauled cyber security initiative. This
step promises to foster a more robust US
cyber infrastructure, to strengthen US
defenses against cyber attacks, to provide
greater protection for consumers, and to
expand international cooperation and
enhance public-private partnership through
streamlined communication channels and
platforms. In terms of national security,
the Pentagon followed the administration’s
release by announcing that it now classifies
cyber attacks as equivalent to conventional
armed attacks. The Defense Department
warned that the US would not hesitate to
use force in response to foreign attacks
on US cyber and critical infrastructure,
deeming them acts of war.
KEY POINTS
• TheWhiteHousehasunveileditscybersecuritylegislative proposalsanditsnew“International Strategy for Cyberspace”.Bothlaythefoundationforthe administration’seffortstosecurecriticalinfrastructure,protecttheUSfromcyberattacks,andincreasecooperationwiththeprivatesector.However,notallin Congressagreewiththespecificsoftheproposals.
• Whilemore than 55 piecesoflegislationdealingwithcybersecuritywereintroducedduringthe111thCongress,theonlymajoritemunderseriousconsiderationin the112thCongressisaSenatebillintroducedandsponsoredbySenatorsJoeLieberman,SusanCollinsandTomCarper,allofwhomaremembersoftheSenate CommitteeonHomelandSecurityandGovernmentAffairs.
• TheLieberman billwilllikelyhavetobereconciledwiththeWhiteHouseproposals,withwhichitcompetes.Reconciliationmaybedifficultgiventheabsenceofanagreement ontheemergencypowerstobegrantedtothepresidentintheeventofamajorcyberattackorontheneedforacentralWhiteHouseOfficeofCyberspacePolicy.
pPresidentObamawithWhiteHouseCybersecurityCoordinator HowardSchmidt
Developments in Digital Security: The US Unveils New Cyber Strategy
Inspiring People. Shaping the Future.
WASHINGTON, DC1101 New York Avenue, NWSuite 901Washington, DC 20005 USAContact: Tyson BarkerE-mail: tyson.barker@bertelsmann-
foundation.orgTel: (+1) 202.384.1993www.bertelsmann-foundation.org
BRUSSELSRésidence PalaceRue de la Loi 1551040 Brussels, BelgiumContact: Thomas FischerE-mail: thomas.fischer@bertelsmann-
stiftung.deTel: (+32 2) 280.2830www.bertelsmann-stiftung.de/brussels
©Copyright 2010, Bertelsmann Foundation. All rights reserved.
The Brussels Connection to Capitol Hill
CapitolWireJU
LY 2
01
1
2
The announcement of fundamentally revamped cyber security legislative proposals comes
after nearly two years of hearings and congressional briefings. The proposals reflect the
Obama administration’s broader cyber security ambitions, which began to take shape when
the president first ordered a cyber security policy review shortly after taking office in 2009.
Not everyone is cheering the moves. Congressmen Melvin Watt (D-NC) and Darrell Issa
(R-CA) charged that the plans offer less protection for consumer privacy and data security
while providing loopholes for telecom companies to access citizens’ private information.
Congressman Bob Goodlatte (R-VA) who has long questioned whether the government should
play such a dominant role in providing (and regulating) digital security, and whether regulatory
involvement would, in fact, hinder innovation and further harm economic growth, echoed
his colleagues’ concerns. Goodlatte is particularly uneasy about the expansion of oversight
and regulatory power vested in the Department of Homeland Security (DHS) in matters of
cyber security, especially as it relates to federal and private critical-infrastructure networks.
Others, such as Congressman Jim Langevin (D-RI, ranking member of the Subcommittee on
Emerging Threats and Capabilities in the House Armed Services Committee) faulted the
White House plan for not integrating enough elements of the legislation already proposed,
such as the inclusion of an Office of Cyberspace Policy with a Senate-approved administrator
(a criticism also long made by Congresswoman Diane Watson (D-CA)). Langevin also argued
that the plan does not go far enough in encouraging businesses to take cyber security
more seriously.
Unsurprisingly, the Senate Committee for Homeland Security and Government Affairs – three
members of which, Senators Joe Lieberman (I-CT), Susan Collins (R-ME) and Tom Carper (D-
DE), are the sponsors of a significant cyber security bill – openly embraced the White House
proposal and stated that it hopes to work further on passing legislation with many of its
elements. Others in the Senate, such as Jay Rockefeller (D-WV) and Olympia Snowe (R-ME),
who have backed similar legislation, also lauded the administration’s strategy, even if they
also expressed regret on the time it took to release it.
These developments were quickly followed by the June 24 announcement by House
Speaker John Boehner (R-OH) and Majority Leader Eric Cantor (R-VA) that a new House
Cybersecurity Task Force led by Congressman
Mac Thornberry (R-TX) had been formed.
Boehner had actually selected Thornberry
for the position before the 112th Congress
even convened. The purpose of the explicitly
partisan task force is ostensibly to provide a
Republican response to President Obama’s
legislative proposal. The results of the
Republicans’ analysis are due in October.
Legislative LandscapeThe major bill currently being reviewed and reconciled is the Lieberman/Collins/Carper
“Cybersecurity and Internet Freedom Act”, which has been revised for 2011. The previous
Congress’ attempt was the Rockefeller/Snowe “Cybersecurity Act of 2010”, which was approved
by the Senate Committee on Commerce, Science and Transportation in March 2010, but
never made it to the Senate floor for debate. That moderate success, however, came only
after significant revisions of several highly controversial elements in the original bill, including
one provision that critics argued gave the president wide-reaching emergency powers to shut
off private and public access to the Internet in the event of a critical cyber attack. This is the
so-called “kill-switch” provision. In its place, the bill made clear that the administration would
rather work collaboratively with businesses and government agencies in such an emergency.
The newest version of the bill introduced by Senators Lieberman, Collins and Carper
denounced the inclusion of such a “kill-switch” provision in any form. It seeks instead to
“establish the essential point of coordination across the executive branch”. Additionally,
the 2011 bill calls for the establishment of a central office within the executive branch to deal
exclusively with cyber attacks. This mimics the set-up in the UK but differs from the more
general coordination bodies found in Germany.
In the House of Representatives, two significant cyber security-related bills were the
“International Cybercrime Reporting and Cooperation Act”, introduced by Congresswoman
Yvette Clarke (D-NY) in 2010, and the Cybersecurity Enhancement Act of 2010, introduced by
Congressman Daniel Lipinski (D-IL). The
Clarke bill was largely designed to ensure
that the administration keeps Congress
informed in all matters pertinent to cyber
crime, infrastructure protection, and the
technological activities and capacities
of other countries (within the context of
combating international cyber crime).
The Lipinski bill was designed to advance
domestic research and development,
technical standards and more
pLegislationco-sponsorsSenatorsTomCarper,JoeLiebermanand SusanCollins
House CybersecurityTask Force
ChairMac Thornberry (R-TX)
Members
Robert Aderholt (R-AL)
Jason Chaffetz (R-UT)
Mike Coffman (R-CO)
Bob Goodlatte (R-VA)
Robert Hurt (R-VA)
Bob Latta (R-OH)
Dan Lungren (R-CA)
Mike McCaul (R-TX)
Tim Murphy (R-PA)
Steve Stivers (R-OH)
Lee Terry (R-NE)
Inspiring People. Shaping the Future.
WASHINGTON, DC1101 New York Avenue, NWSuite 901Washington, DC 20005 USAContact: Tyson BarkerE-mail: tyson.barker@bertelsmann-
foundation.orgTel: (+1) 202.384.1993www.bertelsmann-foundation.org
BRUSSELSRésidence PalaceRue de la Loi 1551040 Brussels, BelgiumContact: Thomas FischerE-mail: thomas.fischer@bertelsmann-
stiftung.deTel: (+32 2) 280.2830www.bertelsmann-stiftung.de/brussels
©Copyright 2010, Bertelsmann Foundation. All rights reserved.
The Brussels Connection to Capitol Hill
CapitolWireJU
LY 2
01
1
3
comprehensive public education on cyber security issues. The Clarke bill never made it beyond
committee referral and as of yet has not been re-introduced into the 112th Congress. The
Lipinski bill fared better, having overwhelmingly passed the House 422-5. But it did not move
beyond referral to the Senate Committee on Commerce, Science and Transportation. However,
despite this setback (and others), the bill, now called the “Cyber Security Enhancement Act
of 2011”, has been re-introduced by Congressman Michael McCaul (R-TX), with Congressman
Issues Moving ForwardThe most controversial issue ahead is arguably the proposed White House Office of
Cyberspace Policy. It’s unclear if that will make its way into final draft legislation. While
Senator Lieberman has stated that this is a priority in his bill, the White House proposal
gives the office short shrift. Creating such an entity may be a sticking point for the Senate or
the House.
Another point of contention may come over from DHS’s role in managing cyber security.
The White House strategy formalizes DHS’s current security role, essentially updating the
Federal Information Security Management
Act of 2002. But fear that DHS could abuse
its role means that provisions in any final
legislation must be ironed out to avoid
confusion about the Department’s powers
and autonomy.
Lipinski’s co-sponsorship. Senator Robert
Menendez (D-NJ) has announced plans
to introduce later this year a Senate bill
designed to mirror the House bill.
Other significant legislation introduced in 2010 and 2011 is listed below. Sponsors are listed in parentheses.
Senate
S. 813 – Cyber Security Public Awareness Act of 2011 (Senator Sheldon Whitehouse, D-RI)
S. 372 – Cyber Security and Internet Safety Standards Act (Senator Benjamin Cardin, D-MD)
House
H.R. 1136 – Executive Cyberspace Coordination Act of 2011 (Congressman James Langevin, D-RI)
H.R. 174 – Homeland Security Cyber and Physical Infrastructure Protection Act of 2011 (Congressman Bennie Thompson, D-MS)
H.R. 5548 – Protecting Cyberspace as a National Asset Act of 2010 (Congressman Jane Harmon, D-CA)
Recent Hearings/Testimony:
• Hearing: House Committee on Oversight & Government Reform – “Cybersecurity: Assessing the Nation’s Ability to Address the Growing
Cyber Threat” (July 2011)
• Hearing: Senate Committee on the Judiciary, Subcommittee on Crime and Terrorism – “Cybersecurity: Evaluating the Administration’s Proposals”
(June 2011)
• Hearing: Senate Committee on the Judiciary, Subcommittee on Crime and Terrorism – “Cybersecurity: Responding to the Threat of Cyber
Crime and Terrorism” (April 2011)
• Hearing: House Committee on Oversight and Government Reform, Subcommittee on National Security, Homeland Defense, and Foreign
Operations – “Cybersecurity: Assessing the Immediate Threat to the United States” (May 2011)
• Hearing: House Energy and Commerce Committee, Subcommittee on Energy and Power – “Protecting the Electric Grid: H.R.____, the Grid
Reliability and Infrastructure Defense Act” (May 2011)
• Hearing: House Committee on the Judiciary – “Cybersecurity: Innovative Solutions to Challenging Problems” (May 2011)
• Hearing: House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies –
“The DHS Cybersecurity Mission: Promoting Innovation and Securing Critical Infrastructure” (April 2011)
• Hearing: House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies –
“Examining the Cyber Threat to Critical Infrastructure and the American Economy” (March 2011)
