CQ WEEKLY – IN FOCUS
Jan. 28, 2012 – 11:38 a.m.
Cyber Bill Progress: Reid Is Fundamental
By Tim Starks, CQ Staff
It’s unusual for a Senate majority leader to become personally invested in a major legislative effort on a complex and technical topic with no obvious political payoff, particularly in an election year. But as the Senate tries to assemble a major bill to overhaul the nation’s cyberdefenses, Nevada Democrat
Reid’s transformation into a cybersecurity hawk began gradually, with his interest aroused after several senators encouraged him to take a look at the topic, according to a senior leadership aide. Later, he was spooked by a classified briefing about a National Intelligence Estimate on the cyberthreat. Before long, he was doing his own research and reading books such as “Cyber War,” by former White House adviser Richard Clarke.
Today, his fellow senators describe his zeal for cybersecurity with words such as “persistent” and “determined.” He has formed working groups to tackle various aspects of the legislation, prodded the White House into producing its own legislative package and now has directed the committees that have produced various bills to merge them into a comprehensive measure.
“Harry is just increasingly getting impatient,” says
Even those who don’t count themselves as allies of Reid praise him for taking such a pivotal role. But Reid is taking a risk because it’s not clear that his involvement will be enough to get the job done. Even after his attention, business groups, privacy advocates, the White House, and House and Senate Republicans still might not agree on a bill.
Competing Interests
The laundry list of players is a reminder of how much Reid doesn’t control in the fate of a cybersecurity bill. The topic does benefit from a lot of high-level attention, including a mention in President Obama’s State of the Union speech last week. But it’s also a minefield of overlapping committee jurisdictions, fast-moving technological changes and arguments about the role of government in regulating private industry, which owns an estimated 85 percent to 90 percent of the nation’s computing infrastructure.
Reid will publicly kick off his push as early as this week, when the new package is expected to be released. Aides say he hopes to bring a bill to the floor in February.
The majority leader has invested a lot in the outcome. Very few subjects have inspired him, during his tenure as Senate leader, to take the kind of hands-on approach he has on cybersecurity. “The only other issue he’s become that involved with is health care,” says Jim Manley, who served as the majority leader’s spokesman for six years and now is a senior director at Quinn Gillespie, a communications firm in Washington.
Reid’s involvement is even more unusual because cybersecurity isn’t a subject of major national political interest, such as Obama’s health care legislation, or even parochial interest, such as the question of whether to store nuclear waste at Nevada’s Yucca Mountain — another area where Reid has been active.
But those who know Reid say he came by his devotion to the topic because of its importance and urgency. “He’s been convinced by experts in the Pentagon and intelligence community that cyber is the single biggest threat in the United States that remains more or less unaddressed,” says the leadership aide. “There’s no other threat out there that’s so significant, and we don’t have a legal framework in place to deal with it.”
Adds
First, Reid brought together chairmen of interested committees to have regular meetings. Manley and Lieberman say Reid’s involvement has been one of necessity: With so many committees having a piece of cybersecurity, any comprehensive bill requires a coordinated approach. From there, his office set up about a half-dozen informal working groups, drawing in lawmakers from both sides of the aisle, as well as administration officials.
Cyber Bill Progress: Reid Is Fundamental
“Cyber is an inherently tough nut to crack for Congress because of committee jurisdictions and biases, which is why we saw the Senate leadership’s invitation as a great opportunity to constructively affect the process, and hopefully make it more comprehensive,” says an administration official, speaking on condition of anonymity.
Some of the working groups — such as one on how to defend the most critical digital infrastructure, including computer networks tied to the power grid and banking system — have been particularly active, because forging agreement has been so difficult. Others, such as one on the foreign relations side of cybersecurity, which is less controversial, have met only a handful of times.
Not everyone thinks Reid’s approach has been adequate. Arizona Republican
Reid has worked to involve outside parties in other ways. In the summer of 2010, he and Democratic committee chairmen sent a letter asking the White House to give its views on the Senate’s legislative proposals. Christopher Finan, director of cybersecurity legislation for the White House national security staff, said at a conference this month that Reid’s letter prompted the administration to come up with a legislative package, unveiled last May.
‘Real Challenge’
Reid’s office has been in close touch with business groups, which have strong interest in the outcome. And he has tried to get all members involved, not just committee leaders. One of Reid’s goals has been to get everyone to have a common understanding of the threat.
“From a consensus-building standpoint, we’ve made a lot of headway,” the leadership aide says. The result is that the legislative approach “is much, much more sophisticated than when we began.”
Maine’s
The odds of final passage, however, remain unclear. The chief obstacle is still the need to resolve differences between those who want stricter security regulations for businesses and those who don’t.
“It’s a real challenge to bridge that gap,” says the leadership aide. “And it cuts across partisan lines. Among Democrats and Republicans, you have some who are more hawkish and most responsive to national security concerns, and some who are more responsive to the needs of businesses.”
That central question threatens not only to keep the Senate divided but to keep it at odds with the House. It could spark partisanship, which notably has not been a big factor yet on this issue. But some Republicans in the Senate last year, led by Texas’
It’s not a gap that Reid is likely to bridge anytime soon — and almost certainly not before a bill comes to the floor.
Getting business groups on board might have more to do with better communication than specific changes, according to the leadership aide. Some of the provisions that have drawn opposition from businesses apply only to a “very narrow slice of the private sector,” the aide says, “and that’s something we’ve had trouble explaining to folks.”
Cyber Bill Progress: Reid Is Fundamental
The House has also indicated a preference for passing several smaller bills, rather than one big package. But the leadership aide said that’s less of a worry than resolving the debate on the substance. Says Thornberry of the House- Senate divide: “There’s a lot of common ground between most people on a lot of the things that need to be done. Hopefully we can at least do that.”
Those obstacles might prove too difficult to overcome. But Lieberman says Reid’s involvement has, at least, given cybersecurity legislation a chance this year. “Harry’s really pushed this,” Lieberman says, “and that’s made all the difference.”
FOR FURTHER READING: Legislative summary, CQ Weekly, p. 38; economic cyberwarfare, 2011 CQ Weekly, p. 2642; private sector and cybersecurity, 2010 CQ Weekly, p. 1858.