DHS Secretary Predicts U.S. Cyber Legislation this Summer

May 14, 2014

U.S. Homeland Security Secretary Jeh Johnson says that Congress is likely to agree on cybersecurity legislation this summer.

"My sense is that there's an effort to try to get something done this summer," Johnson told the Reuters Cybersecurity Summit, adding that he has discussed the matter with members of both the House of Representatives and the Senate. "I've seen a fair amount of activity coming from both the House and the Senate and a real bipartisan desire to get something done," he said.

Johnson, who replaced Janet Napolitano as homeland security secretary in December, said tightening cybersecurity standards was "a good government, good business" practice that should not be a "political hot potato," even for a divided Congress, Reuters reports.

"My sense is that Congress realizes this is an area where we can legislate and we ought to try," he told the summit.

"The House last year for the second time passed a bill designed to help companies and the government share information on cyber threats, but it fizzled in the Senate. It did not address industry standards and the Obama administration had threatened to veto it over privacy concerns as many Democrats sought a broader bill," Reuters said.

Efforts to pass cybersecurity legislation got second wind in Congress last month as leaders of the Senate Intelligence Committee drafted their own bill, now circulating among key stakeholders in hopes of avoiding disagreements that have thwarted passage in the past. The draft, from Senators Dianne Feinstein, a California Democrat, and Saxby Chambliss, a Georgia Republican, would offer liability protections and consider the possibility of data being shared not only with a civilian government agency but also military or intelligence agencies, said Reuters.

Besides the limited liability, Johnson said key components of any legislation would be updating the Federal Information Security Management Act; clarity on the authority that DHS has over government web operations; and clarity on what commercial firms should share with the government.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.