Polls show Democrats within striking distance of capturing a Senate majority, and such a flip would almost certainly push cybersecurity policy toward more compulsory regulation and away from the current consensus around a voluntary, industry-driven approach.
Policy implications of a Democratic Senate majority might be felt most profoundly in committees on the periphery of cybersecurity debates rather than in the homeland security and intelligence panels always at the center of cybersecurity policymaking.
Change may come at the top of those committees, but the policy arc is likely to remain the same.
Senate Intelligence Chairman Richard Burr, R-N.C., appears to hold a slight lead over former North Carolina American Civil Liberties Union director Deborah Ross in his re-election race.
However, if the Democrat overcomes the 1- or 2-point deficit seen in recent independent polling, she would bring a dramatically different perspective on issues like liability protection for companies in the cyberinformation-sharing space.
On the other hand, Sen. Dianne Feinstein, D-Calif., Burr’s likely successor as Intelligence chair if Democrats win the Senate, would probably continue along the same cybersecurity policy path; Burr and Feinstein have collaborated closely on cybersecurity issues over the past two years and were chief architects of the Cybersecurity Act of 2015.
Likewise, should Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wis., lose his race to Democratic former Sen. Russell Feingold, a staunchly pro-law enforcement/intelligence community senator would be giving way to a fierce privacy/civil liberties advocate.
But the homeland security gavel under a Democratic majority would be in familiar hands, passing to Sen. Tom Carper, D-Del., another key author of last year’s cybersecurity bill.
Johnson has consistently trailed Feingold — the race appeared to be tightening in recent weeks, but two polls released last week showed Feingold up by 8 and 12 points, respectively.
The latest Senate polls suggest Democrats would enjoy a net four-seat gain if the election were held today — good for a 50-50 split in the Senate and Democratic control if Hillary Clinton defeats Donald Trump.
That would mean new Democratic chairmen of the Senate Commerce, Judiciary, Banking and Health, Education, Labor and Pensions panels. And unlike the Democratic leaders on the intelligence and homeland security panels, the new leaders of these other committees would probably come at the cybersecurity issue with more of a regulatory bent.
Sen. Bill Nelson, D-Fla., at commerce, has frequently said he wants to move aggressively on a national data security and breach notification standard, an issue that could also capture the attention of Sen. Sherrod Brown, R-Ohio, at banking.
Sen. Patrick Leahy, D-Vt., who would take the gavel at judiciary, has frequently suggested that the prevailing voluntary, industry-government collaborative approach to cybersecurity needs a stronger regulatory backbone. Nelson and Brown have made similar remarks.
At the HELP Committee, current Chairman Lamar Alexander, R-Tenn., and ranking member Patty Murray, D-Wash., have closely collaborated on cybersecurity issues and that approach would probably continue, much to industry’s relief.
Overall, a general policy consensus has prevailed in the Senate in recent years, based on a collaborative approach between industry and government — as epitomized in the passage of last year’s law.
But new Democratic chairmen — and a new majority leader, Sen. Chuck Schumer of New York — would reshuffle the policy deck, with uncertain implications.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
