- The Washington Times - Monday, January 7, 2013

Having failed to pass cybersecurity legislation for the third consecutive year, Congress this year will take a back seat to the Obama administration in trying to secure critical networks such as transportation, banking and communications from Internet attacks.

As early as this month, President Obama is expected to sign an executive order to help protect industrial networks from computer hackers, especially those affiliated with terrorist groups and foreign adversaries.

The executive order will set policy under existing law to help the government “more effectively secure the nation’s critical infrastructure by working collaboratively with the private sector,” White House spokeswoman Caitlin Hayden said in an email, adding that the order “is not a substitute for new legislation.”

Cyberattacks have shut down websites, slowed communications, wrecked computer-operated industrial machinery, and allowed hackers to steal financial and identity information worth billions of dollars.

But businesses are concerned that only changes in the law can protect them from lawsuits if their cybersecurity measures fail or have unanticipated impacts on their customers.

“Only Congress can address those [liability] issues,” said Jessica Herrera-Flanigan, who was general counsel and later staff director of the House Committee on Homeland Security from 2003 to 2008.

According to James A. Lewis, a scholar at the Center for Strategic and International Studies, a draft version of the executive order would direct federal agencies to “incorporate cybersecurity standards as part of the regulatory requirements they impose on the industries they regulate.”

Independent agencies, such as the Federal Communications Commission, “will be asked to help,” Mr. Lewis said, but “will the standards make sense, and will they be imposed within a reasonable timeline?”

He said there is “very little prospect” of the 113th Congress crafting and enacting a cybersecurity bill this year, as new leaders assume command of the committees and subcommittees that would produce such legislation.

The Senate Homeland Security and Governmental Affairs Committee will be led by Sens. Thomas R. Carper, Delaware Democrat and committee chairman, and Tom Coburn of Oklahoma, the panel’s ranking Republican. They replace Sen. Joe Lieberman, Connecticut independent, who retired at the end of the 112th Congress, and Sen. Susan M. Collins, Maine Republican, respectively.

The House Committee on Homeland Security will be headed by Rep. Michael T. McCaul, a Texas Republican who has said he wants to focus on bringing business management principles to the Department of Homeland Security. He replaces Rep. Peter T. King, New York Republican, who ran up against committee term limits.

In addition, the House Homeland Security subcommittee on cybersecurity will be chaired by Rep. Patrick Meehan, Pennsylvania Republican. The panel’s previous chairman, Rep. Daniel Lungren, California Republican, was defeated in his re-election bid in November.

“Absent some major bad event, the odds are very long” against any cybersecurity legislation passing either chamber this year, Mr. Lewis said. “Politics stopped them from doing it last year. Nothing’s changed in that regard.”

Part of the difficulty for Congress is the large number of oversight committees with authority over various parts of the hugely complex policy issue, current and former congressional staffers say. Cybersecurity is a key element of matters dealing with defense, transportation, homeland security, energy, financial services, small business, communications and intelligence, among others.

“Cybersecurity is a hard issue on which to legislate,” said Ms. Herrera-Flanigan.

Story Continues →