CQ WEEKLY – IN FOCUS
Feb. 25, 2012 – 3:46 p.m.
Quandary for GOP in Cybersecurity Bill
By Tim Starks, CQ Staff
|
||
|
A cybersecurity bill cosponsored by Lieberman, McCain said, would turn the Department of Homeland Security into a “regulatory leviathan.” And McCain said the bill’s prescriptions for securing the most vulnerable and vital privately owned computer networks would create an “adversarial” relationship with business.
The sharp-tongued attack on the legislation by the Arizona Republican caught many by surprise. But it illustrates a dynamic that is central to the fate of cybersecurity legislation this year. In the current debate, Republicans find themselves torn between two backbone GOP priorities: bolstering national security and combating federal regulation. How Republicans resolve their dueling impulses — and how Democrats respond — will be key to whether a cybersecurity bill emerges from Congress and, if so, what kind of bill it will be.
One person who wasn’t caught off guard by McCain’s comments was Stewart Baker, who served as assistant secretary for policy at the Department of Homeland Security under President George W. Bush.
“Having been in a Republican administration, I know quite well that the instinct to avoid regulation is a powerful one. So is the instinct to serve national security,” says Baker, now a partner at Steptoe & Johnson LLP. “It’s always a battle of the heavyweights when those two things come into conflict. I’m not surprised that Republicans are concerned about this.”
Most Republicans say they recognize the dire nature of the cyber threat. McCain said the sharp rise in attacks on government networks — as well as cyberespionage from China, cybercrime from Russia and hacking by domestic groups such as Anonymous — demands a response. It’s just that Lieberman’s bill isn’t the answer, McCain argued.
Nor is McCain’s position on that bill unanimous among Republicans. While several ranking members of Senate committees have joined McCain in opposition,
But already, some outside experts say, the anti-regulatory sentiment on cybersecurity legislation voiced by many Republicans and some business groups is having an effect. Mike McConnell, a former director of national intelligence who now works at the consulting firm Booz Allen Hamilton, said at a George Washington University panel last week that concerns about regulation — as well as privacy — are “getting in the way” of enacting needed security measures.
At the same hearing where McCain launched his critique of the cybersecurity bill, two experts said the legislation had already been overly diluted in response to those who said it was too regulatory. “We need to carefully limit the scope of this regulation,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “But I fear that we may have gone a bit too far.”
Alternative Proposal
For McCain and a group of Senate Republicans who plan to introduce their own cybersecurity measure, the answer to protecting private computer networks is to focus on sharing threat information between the federal government and businesses. McCain offered that as an alternative to the new regulatory regime created in the bill sponsored by Lieberman and Collins, as well as by Commerce, Science and Transportation Chairman
“The regulations that would be created under this new authority would stymie job creation, blur the definition of private property rights and divert resources from actual cybersecurity to compliance with government mandates,” McCain said.
Quandary for GOP in Cybersecurity Bill
Collins counters that the bill would help the economy because it would reduce the damage done by cybertheft. “I have opposed efforts to extend regulations that would burden our economy,” she said at the hearing. “But regulations that are necessary for our national security and that promote rather than hinder our economic prosperity strengthen our country — they are in an entirely different category.”
Several House Republicans have spoken warmly of the common ground between their legislative proposals and the chief Senate measure, even as they note that they favor a less regulatory approach.
Jim Harper, director of information policy studies at Cato Institute, a libertarian think tank, says there is an “interesting tension” between the GOP stances on national security and regulations. But there is another tension between “libertarian Republicans” and “big government Republicans” on the nature of the threat itself, he says — with “libertarian Republicans” of the mind that the most frightening cyberthreat scenarios were “produced in Washington, for Washington.”
For Republicans, who often speak ill of federal regulation, the criticism of the chief Senate cybersecurity bill is in keeping with that. But, it also plays into their political message.
“There is a partisan temptation — this is an election year,” Baker says. “There’s clearly a narrative that says the president has been too aggressive and Democrats in Congress have been too aggressive in imposing regulation on the private sector, so that’s an argument that has some pull.”
‘Life-or-Death Issue’
Even before McCain blasted the bill, Democrats were trying to get ahead of the argument, particularly by emphasizing the threat. The administration has repeatedly briefed senators on the dangers to U.S. networks.
“This is not a Republican or Democrat issue; it’s a life-or-death issue for the economy and for us as people,” Rockefeller said in testimony about the need for the measure. “I want to be clear. The cyber threat is a very, very real fact. This is not alarmist.”
Sponsors said they had responded to criticisms of the bill by including some provisions backed by Republicans and excluding others opposed by Republicans.
They also highlighted how the regulations are relatively minor: The new rules would be written with industry input; covered businesses would get to choose their own methods of meeting security standards; and most businesses would not be subject to the regulations, either because they don’t own vital networks or they already meet security benchmarks.
There are other ways that Democrats can counter GOP criticism of regulations, says Alan Paller, research director of the SANS Institute, which conducts cybersecurity training and research. If the federal government could provide “effective cybersecurity” for its own networks, Paller says, it could convince Republicans that regulations can work in the private sector, too.
Baker says that the differing clusters of lawmakers aren’t really that far apart. “When you take various Republican bills in the House, if you stapled them together, you would have something easily conferenceable with the Senate bill,” he says.
Quandary for GOP in Cybersecurity Bill
And despite the divide between Lieberman and McCain, the pair might yet find common ground. After McCain ripped into the bill, Lieberman said, “The only satisfaction I had from your statement” was that “you’re going to make a proposal.”
“Sen. Collins and I and the others working on this bill will consider it,” he said. “And let’s get something done on a clear and present danger to our country this year.”
For Further Reading: Senate bill is