While Congress continues to seek a consensus on cybersecurity information sharing legislation, the White House concluded that existing regulatory laws are sufficient to address cyber threats facing critical infrastructure sectors of the economy, such as chemical plants, banks, and telecommunications systems.
The conclusion of a regulatory review announced by White House Cybersecurity Coordinator Michael Daniel found “that agencies with regulatory authority have determined that existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to those systems,” he said in a May 22 blog post.
The regulatory review was conducted as part of an Executive Order issued in February 2013, which required Executive Branch departments and agencies with responsibility for regulating the security of private sector critical infrastructure to assess their current regulatory authority related to cybersecurity and propose any changes needed to address insufficiencies in their existing authorities. Three departments and agencies – the Department of Homeland Security, the Department of Health and Human Services, and the Environmental Protection Agency – were required to submit reports on their regulatory authorities and, according to Daniel, their findings support the Administration’s current voluntary approach to addressing cybersecurity risk.
Undeterred by the White House conclusion that existing regulatory laws are sufficient, the Senate Intelligence Committee continued to receive stakeholder comments on draft cybersecurity information-sharing legislation being developed by Senators Diane Feinstein (D-CA) and Saxby Chambliss (R-GA). The legislation has not yet been formally introduced as the committee seeks to address the concerns of privacy advocates that the measure, like the version that passed the House in April 2013 (H.R. 624) and which the President threatened to veto, would make it easier for the National Security Administration (NSA) to collect people’s personal information.
On May 28, House Intelligence Committee Chairman Mike Rogers (R-MI) called on the Senate to act on their legislation prior to the August recess, expressing concern that it will be difficult to address cybersecurity during the fall leading up to the November mid-term elections. “I think we've made tremendous progress in the last few months,” Rogers said during a cybersecurity forum at George Washington University. But “if we don't have something moving by August, I think it gets lost in the haze, and it will be a very long time before we actually get a bill that can pass that actually functions.”
In addition to legislation on information sharing, the Senate Homeland Security and Governmental Affairs Committee recently approved a bill (S. 2354) to clarify the Department of Homeland Security’s roles and responsibilities and update the Federal Information Sharing Management Act. That legislation is expected to be considered by the full Senate in the coming weeks.