At first glance, the optics this week looked pretty good. If you were looking for a get-tough-on-cybercrime Congress riding into town to save your data, you’d probably feel a little more secure. That’s if you were even paying any attention in the first place (most likely you were one of those loyal Target, Michaels or Neiman Marcus customers recently hacked). Not only was Congress grilling retail executives for answers at recent Senate Judiciary Committee and House Energy and Commerce Committee hearings, but Senate Homeland Security Committee Republicans were dropping a scathing report on the lack of federal agency IT security that same day. And meanwhile, several bills on both the House and Senate sides were still circulating, from one addressing cyberattacks on national infrastructure to another combating the theft of personal data.
Optics is one thing. But whether or not Congress has fully grasped the issue yet is another. Confusion over exact House or Senate Committee jurisdiction notwithstanding, Members of Congress are not exactly information technology experts. An interesting Bloomberg Businessweek infographic shows the professions of the 113th Congress; notice how no IT specialists or tech moguls show up (not like Silicon Valley tycoons are lining up to run for anything), unless you count those who’ve made their millions in the industry. So, at the moment, one could make the argument that Congress could be at a collective intellectual disadvantage on this topic.
House subcommittee on Commerce, Manufacturing and Trade Chair Lee Terry (R-NE)—a lawyer by trade—touches on that a bit in his recent opening remarks during the House hearing. “I do not believe that we can solve this whole problem by codifying detailed, technical standards or with overly cumbersome mandates. Flexibility, quickness, and nimbleness are all attributes that are absolutely necessary in cyber security but run contrary to government’s abilities. I do believe that information sharing is an area that we can be involved with.”
That’s where the reality is a bit messier. Data intrusions continue unabated. And while the private sector, retailers included, agrees that coordination is needed, it’s not clear how far it will go along with that without assurances that “sharing” doesn’t mean inadvertent access to sensitive corporate information handled by the government. Trust between private and public sectors will be a big factor in the discussion. There are loud calls for the Federal Trade Commission to take a lead role in data theft issues, but some critics would argue that while the FTC was successful setting up Do Not Call lists, that doesn’t necessarily make it equipped to address Do Not Hack.
And while one bill, the National Cybersecurity and Critical Infrastructure Protection Act of 2013, seeks to prevent massive denial-of-service invasions, the other bill, the Personal Data Privacy and Security Act of 2014, goes off on another track in an effort to deter cybercrime. There are other bills as well, all competing for attention and each as controversial as the other. The issue of information security, in short, is all over the map as far as Congress is concerned. Yet somewhere in the middle is the still-unresolved issue of government data collection, as highlighted by ex-NSA contractor Edward Snowden. Time for new digitally oriented Congressional committees focused squarely on IT issues? Right now, IT security issues or legislation seem to evolve primarily from the subcommittee level. Only time will tell.
Interestingly enough, while data crimes, DoS attacks and various forms of data breaching are on the rise and a newfound sense of urgency hits the public consciousness, there are signs of quiet private industry nervousness about Congress’ next moves. Too many bills, say some critics, could result in too many regulations and the cost that comes along with more compliance.