A presidential cybersecurity commission wraps up its information-gathering exercises with a hearing this week in Houston, a request for public comments and another event next month in Minneapolis as it aims to tie together a long-term cyberstrategy by a Dec. 1 deadline.
The Commission on Enhancing National Cybersecurity was launched under President Obama’s executive order this year. It has taken on a broad mandate to examine all facets of the cybersecurity policy puzzle and will put a final stamp on the outgoing president’s approach to cyber.
In Houston on July 14, for instance, the panel will discuss cybersecurity challenges facing operators of critical infrastructure such as pipelines, the electrical grid and telecommunications systems, as well as state and local-government issues. On Aug. 23 in Minneapolis, the retail sector’s cyberproblems top the agenda.
But the commission seems to be sharpening its focus on cyberissues of particular concern to smaller entities often seen as the weak link in the supply chains of larger corporations, or direct targets themselves for sophisticated cyberattacks.
Representatives of small businesses say they are encouraged, while expressing some concerns about how much the presidential panel can contribute between now and December when it issues its recommendations.
“They have a lofty mission and are trying to do a lot of things — it’s a tough task to look at so many facets of cybersecurity in such a short time frame,” said one source who represents smaller entities in a critical infrastructure sector. “That said, small and medium-sized business [SMB] issues are at the forefront of their minds.”
According to this source, commission member Maggie Wilderotter, former executive chairman of Frontier Communications, has been active in keeping SMB issues before the panel.
Robert Mayer, vice president at the United States Telecom Association, said the presidential commission appears to be examining “how to make cybersecurity part of the SMB community … They’re looking at innovations that can help overcome the barriers faced by SMBs, and want to rely as heavily as possible on technological innovation and market forces.”
Smaller entities need access to services and expertise, not just financial resources, the small-business source stressed. “I was very encouraged by everything [the commission] has said, but they have a very ambitious agenda,” the source said. “The sheer size of the mission is imposing.”
Bills to reorganize the Department of Homeland Security’s cybersecurity functions — and clarify how new liability protections apply to industry — won’t be getting a hearing this month after all.
The House Homeland Security Committee has passed a bill on DHS’s cyberactivities, and the Senate homeland panel has such a measure waiting in the wings, but other priorities have interceded.
Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wisc., said that the DHS bill is a priority, but he is more focused on legislation to examine policy options surrounding encryption technologies.
A House source said that the chamber’s bill is still the subject of discussion among multiple committees of jurisdiction.
Some in the cyberindustry were hoping the DHS legislation could carry language that better spells out the legal immunity companies receive when sharing cyberthreat indicators with the government and among themselves.
Such immunity was included in the Cybersecurity Act of 2015, but industry observers say lingering questions are inhibiting companies from participating in info-sharing, a key goal of last year’s law.
Congress adjourns at the end of the week and won’t return until after Labor Day.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
