Congress is writing cybersecurity legislation under a cloud of uncertainty
Rep. Dan Donovan’s Cyber Preparedness Act of 2017 was reintroduced in the House in January and passed easily with bipartisan support this week. Despite the legislation’s strong comeback after stalling last year, its chances of enactment could be diminished by a presidential administration that is evaluating the role and responsibility of the Homeland Security Department in the nation’s cyber-defense.
Donovan’s bill is designed to streamline and improve cyberthreat information-sharing among DHS, state and local authorities. It remains unclear, though, how the Trump administration will reshape the U.S. government’s cybersecurity posture and therefore DHS’s operations, too. In late November, Trump pledged that the Defense Departmentwould take an increased role in defending domestic computer networks — a job long held by DHS.
For now, Donovan, R-N.Y., and other lawmakers interested in improving cybersecurity would prefer to proceed under the status quo.
“Congress has designated DHS to be the lead agency in charge of domestic cybersecurity defenses, and I believe that this role shouldn’t change,” Donovan told CyberScoop in an email, “It’s important for there to be stability in roles to ensure that stakeholders know which departments manage, oversee, and respond to cybersecurity incidents.”
The chairman of the House Homeland Security Committee also has pushed back against Trump’s proposed plan to increase the Defense Department’s influence relevant to the issue area. Michael McCaul, R-Texas, warned in an interview with CyberScoop that shifting cyber-defense authorities from a civilian agency to the military would be unwise.
“It has come up a lot in transition team discussions,” McCaul said previously. “It would be a grave mistake to change the roles we currently have where DoD defends the nation from cyber-warfare attacks and the FBI investigates. It would be a mistake to turn over these authorities to agencies that can both spy, investigate and prosecute Americans.”
It appears that Congress might not get more clarity in the coming days. At the moment, DHS’s leadership is preoccupied with immigration policy and border security issues, given the backlash to President Donald Trump’s executive order on travel from seven majority-Muslim countries. The new Homeland Security secretary, John Kelly, spoke rarely about cybersecurity during his confirmation process.
Trump was expected to release an executive order on cybersecurity this week, but reports say it has been postponed for now.
Donovan’s bill would enhance “preparedness and response capabilities for cyberattacks by allowing representatives from state and urban fusion centers to operate jointly out of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center,” a statement from his office says.
Any significant change to the DHS’s existing staff or responsibilities — especially with regard to the NCCIC — may ultimately impact the bill’s relevance. Donovan’s bill has been referred to the Senate Committee on Homeland Security and Governmental Affairs. There is no Senate companion measure yet.