Lawmakers will be in session for only a few more weeks this year, but the 115th Congress — widely derided for a lack of accomplishment — could actually ring up cybersecurity successes by early 2018 that go beyond those in any previous session.Congress has taken important steps on addressing consumer data breaches, deterrence against foreign threats, the organization of key agencies around cyber, government information technology procurement, and the security of self-driving cars, among other issues.Bills on these issues still face obstacles, some of which may yet prove to be insurmountable. But action in one Congress across that broad range of cyber issues would be unprecedented.President Trump signed into law a cyber crime-fighting bill on Nov. 2, a relatively low-profile measure that could be followed by a number of significant cyber bills now poised for action.Most immediately, House and Senate negotiators have wrapped up talks on the annual National Defense Authorization Act, which will include Senate Armed Services Chairman John McCain's, R-Ariz., landmark requirements for developing a cyber deterrence strategy.Those provisions were tweaked following pushback from the Trump administration, but McCain has pressed for this national deterrence policy for years and — as he battles brain cancer — this could be his best chance to see it enacted into law.The final House-Senate agreement on the defense bill also contains provisions on the modernization of government technology similar to a measure by Rep. Will Hurd, R-Texas, that has already passed the House. Enactment of the “Modernizing Government Technology” language would be a major cyber achievement in its own right.Also, key players including Senate Republican Conference Chairman John Thune of South Dakota are negotiating to resolve different House and Senate approaches to cybersecurity in self-driving cars, with a product possibly available for final floor action by the end of the year or early next year.Other bills that could find floor time in the near term include one by Rep. Warren Davidson, R-Ohio, on cybersecurity at the Securities and Exchange Commission, and another by Rep. Patrick McHenry, R-N.C., on cybersecurity at consumer credit rating agencies such as Equifax.But the big development was the recent announcement that House Financial Services Republicans are pushing ahead with comprehensive consumer data security and breach notification legislation.“The core of the issue hasn't changed, and that demonstrates that data-breach legislation is hard,” an industry source said. “But because of Equifax there is a drive to get something done.”Multiple panels have latched onto the issue in the aftermath of the massive Equifax breach, but the Financial Services Committee is likely to be first out of the gate with legislation, probably early next year.Another key piece of legislation — consolidating and elevating the Department of Homeland Security's cyber functions — has cleared the House Homeland Security Committee but is subject to talks with other panels that claim jurisdiction over DHS. Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wis., has said he won't get to his version until next year.Final action on that bill would be a crowning achievement for House Homeland Security Chairman Michael McCaul, R-Texas, who leaves that post at the end of the 115th Congress.Bipartisan legislation on cybersecurity of Internet of Things devices purchased by the government is advancing in both chambers. It's not as far along as the autonomous cars bills, but still a candidate for final action in the 115th Congress.That measure would address the cybersecurity of smart phones and other devices used by government employees, which are easy targets for hackers.Legislative action on election security also continues to draw bipartisan interest, but timing for actually moving a bill is unclear and may be influenced by the work of the intelligence committees investigating Russian interference in the 2016 elections.Beyond the spotlight of Equifax or the Russia probe, nuts-and-bolts cyber bills are moving. The House Science Committee is angling for a floor vote on a measure that would subject federal agencies to closer scrutiny of their cyber efforts.And a new bipartisan bill attracting attention would bolster cybersecurity efforts at the Department of Health and Human Services.The number and diversity of cyber measures in play reflects both growing interest among lawmakers and the sprawling nature of the cybersecurity challenge.The threat has also become more dangerous, pervasive, and insidious across all aspects of the country's digital economy and lifestyle.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America's Struggle to Secure Cyberspace,” published by Rowman and Littlefield.