Capitol Wire July 2011 by Bertelsmann Foundation

CapitolWire

Inspiring People. Shaping the Future.

The Brussels Connection to Capitol Hill

WASHINGTON, DC 1101 New York Avenue, NW Suite 901 Washington, DC 20005 USA Contact: Tyson Barker Contact: Tyson E-mail: tyson.barker@bertelsmanntyson.barker@bertelsmann- foundation.org Tel: (+1) 202.384.1993 Tel: www.bertelsmann-foundation.org

BRUSSELS Résidence Palace Rue de la Loi 155 1040 Brussels, Belgium Contact: Thomas Fischer Contact: Thomas E-mail: E-mail: thomas.fischer@bertelsmannthomas.fischer@bertelsmann- stiftung.de Tel: (+32 2) 280.2830 Tel: www.bertelsmann-stiftung.de/brussels www.bertelsmann-stiftung.de/brussels

CapitolWire is a joint publication of the Bertelsmann Foundation offices in Washington, DC and Brussels. It connects the European Parliament to Congressional policy and politics, and contributes to a common trans-Atlantic political culture. CapitolWire is an occasional publication that highlights issues, legislation and policymakers relevant to the European Parliament’s legislative cycle. This publication also looks at the Congress from the point of view of European Parliament staffers and offers timely operational analysis.

Developments in Digital Security: The US Unveils New Cyber Strategy KEY POINTS • The White House has unveiled its cyber security legislative proposals and its new “International Strategy for Cyberspace”. Both lay the foundation for the administration’s efforts to secure critical infrastructure, protect the US from cyber attacks, and increase cooperation with the private sector. However, not all in Congress agree with the specifics of the proposals. • While more than 55 pieces of legislation dealing with cyber security were introduced during the 111th Congress, the only major item under serious consideration in the 112th Congress is a Senate bill introduced and sponsored by Senators Joe Lieberman, Susan Collins and Tom Carper, all of whom are members of the Senate Committee on Homeland Security and Government Affairs. • The Lieberman bill will likely have to be reconciled with the White House proposals, with which it competes. Reconciliation may be difficult given the absence of an agreement on the emergency powers to be granted to the president in the event of a major cyber attack or on the need for a central White House Office of Cyberspace Policy.

p President Obama with White House Cybersecurity Coordinator

Following similar strategic moves undertaken since last year in Germany and the United Kingdom, the Obama administration announced in May that it would begin pursuing a fundamentally overhauled cyber security initiative. This step promises to foster a more robust US cyber infrastructure, to strengthen US defenses against cyber attacks, to provide greater protection for consumers, and to expand international cooperation and

enhance public-private partnership through streamlined communication channels and platforms. In terms of national security, the Pentagon followed the administration’s release by announcing that it now classifies cyber attacks as equivalent to conventional armed attacks. The Defense Department warned that the US would not hesitate to use force in response to foreign attacks on US cyber and critical infrastructure, deeming them acts of war.

Howard Schmidt

J U LY 2 0 1 1

ABOUT THE BERTELSMANN FOUNDATION: The Bertelsmann Foundation is a private, nonpartisan operating foundation, working to promote and strengthen trans-Atlantic cooperation. Serving as a platform for open dialogue among key stakeholders, the Foundation develops practical policy recommendations on issues central to successful development of both sides of the ocean.

The announcement of fundamentally revamped cyber security legislative proposals comes Cybersecurity Task Force led by Congressman after nearly two years of hearings and congressional briefings. The proposals reflect the Mac Thornberry (R-TX) had been formed. People. Shaping the Future. Obama administration’s broader cyber security ambitions, which began to take shapeInspiring when Boehner had actually selected Thornberry the president first ordered a cyber security policy review shortly after taking office in 2009. for the position before the 112th Congress even convened. The purpose of the explicitly Not everyone is cheering the moves. Congressmen Melvin Watt (D-NC) and Darrell Issa partisan task force is ostensibly to provide a (R-CA) charged that the plans offer less protection for consumer privacy and data security Republican response to President Obama’s while providing loopholes for telecom companies to access citizens’ private information. legislative proposal. The results of the The Brussels Connection to Capitol Hill Congressman Bob Goodlatte (R-VA) who has long questioned whether the government should Republicans’ analysis are due in October. play such a dominant role in providing (and regulating) digital security, and whether regulatory BRUSSELS WASHINGTON, DC involvement would, in fact, hinder innovation and further harm economic growth, echoed Résidence Palace 1101 New York Avenue, NW Rue de la Loi 155 Suite 901 his colleagues’ concerns. Goodlatte is particularly uneasy about the expansion of oversight House Cybersecurity 1040 Brussels, Belgium Washington, DC 20005 USA and regulatory power vested in the Department of Homeland Security (DHS) in matters of Task Force Contact: Thomas Fischer Contact: Tyson Barker cyber security, especially as it relates to federal and private critical-infrastructure networks. E-mail: tyson.barker@bertelsmann- Chair E-mail: thomas.fischer@bertelsmannstiftung.de Others, such as Congressman Jim Langevin (D-RI, ranking member of the Subcommittee on foundation.org (R-TX) Tel: (+1) 202.384.1993 Mac Thornberry Tel: (+32 2) 280.2830 Emerging Threats and Capabilities in the House Armed Services Committee) faulted the www.bertelsmann-foundation.org www.bertelsmann-stiftung.de/brussels Members White House plan for not integrating enough elements of the legislation already proposed, Robert Aderholt (R-AL) such as the inclusion of an Office of Cyberspace Policy with a Senate-approved administrator (a criticism also long made by Congresswoman Diane Watson (D-CA)). Langevin also argued Jason Chaffetz (R-UT) that the plan does not go far enough in encouraging businesses to take cyber security Mike Coffman (R-CO) more seriously. Bob Goodlatte (R-VA)

CapitolWire

Robert Hurt (R-VA)

Unsurprisingly, the Senate Committee for Homeland Security and Government Affairs – three members of which, Senators Joe Lieberman (I-CT), Susan Collins (R-ME) and Tom Carper (DDE), are the sponsors of a significant cyber security bill – openly embraced the White House proposal and stated that it hopes to work further on passing legislation with many of its elements. Others in the Senate, such as Jay Rockefeller (D-WV) and Olympia Snowe (R-ME), who have backed similar legislation, also lauded the administration’s strategy, even if they also expressed regret on the time it took to release it.

Bob Latta (R-OH) Dan Lungren (R-CA) Mike McCaul (R-TX) Tim Murphy (R-PA) Steve Stivers (R-OH) Lee Terry (R-NE)

These developments were quickly followed by the June 24 announcement by House Speaker John Boehner (R-OH) and Majority Leader Eric Cantor (R-VA) that a new House

Legislative Landscape The major bill currently being reviewed and reconciled is the Lieberman/Collins/Carper “Cybersecurity and Internet Freedom Act”, which has been revised for 2011. The previous Congress’ attempt was the Rockefeller/Snowe “Cybersecurity Act of 2010”, which was approved by the Senate Committee on Commerce, Science and Transportation in March 2010, but never made it to the Senate floor for debate. That moderate success, however, came only after significant revisions of several highly controversial elements in the original bill, including one provision that critics argued gave the president wide-reaching emergency powers to shut off private and public access to the Internet in the event of a critical cyber attack. This is the so-called “kill-switch” provision. In its place, the bill made clear that the administration would rather work collaboratively with businesses and government agencies in such an emergency. The newest version of the bill introduced by Senators Lieberman, Collins and Carper denounced the inclusion of such a “kill-switch” provision in any form. It seeks instead to “establish the essential point of coordination across the executive branch”. Additionally, the 2011 bill calls for the establishment of a central office within the executive branch to deal exclusively with cyber attacks. This mimics the set-up in the UK but differs from the more general coordination bodies found in Germany.

Susan Collins

Congressman Daniel Lipinski (D-IL). The Clarke bill was largely designed to ensure that the administration keeps Congress informed in all matters pertinent to cyber crime, infrastructure protection, and the technological activities and capacities of other countries (within the context of combating international cyber crime). The Lipinski bill was designed to advance domestic research and development, technical standards and more

J U LY 2 0 1 1

In the House of Representatives, two significant cyber security-related bills were the “International Cybercrime Reporting and Cooperation Act”, introduced by Congresswoman Yvette Clarke (D-NY) in 2010, and the Cybersecurity Enhancement Act of 2010, introduced by

p Legislation co-sponsors Senators Tom Carper, Joe Lieberman and

comprehensive public education on cyber security issues. The Clarke bill never made it beyond Lipinski’s co-sponsorship. Senator Robert committee referral and as of yet has not been re-introduced into the 112th Congress. The Menendez (D-NJ) has announced plans Shaping Future. Lipinski bill fared better, having overwhelmingly passed the House 422-5. But it did notInspiring move to People. introduce later this year the a Senate bill beyond referral to the Senate Committee on Commerce, Science and Transportation. However, designed to mirror the House bill. despite this setback (and others), the bill, now called the “Cyber Security Enhancement Act of 2011”, has been re-introduced by Congressman Michael McCaul (R-TX), with Congressman

CapitolWire

The Connection Capitol Hill OtherBrussels significant legislation introducedto in 2010 and 2011 is listed below. Sponsors are listed in parentheses. Senate WASHINGTON, DC 1101 New York Avenue, NW S. 813 – Cyber Security Public Awareness Act of 2011 (Senator Sheldon Whitehouse, D-RI) Suite 901 S. 372 – Cyber Security and Internet Safety Standards Act (Senator Benjamin Cardin, D-MD)

BRUSSELS Résidence Palace Rue de la Loi 155 1040 Brussels, Belgium Washington, DC 20005 USA Contact: Thomas Fischer Contact: Tyson Barker E-mail: tyson.barker@bertelsmann- E-mail: thomas.fischer@bertelsmannHouse foundation.org stiftung.de H.R. 1136 – Executive Cyberspace Coordination Act of 2011 (Congressman James Langevin, D-RI) Tel: (+1) 202.384.1993 Tel: (+32 2) 280.2830 H.R. 174 – Homeland Security Cyber and Physical Infrastructure Protection Act of 2011www.bertelsmann-foundation.org (Congressman Bennie Thompson, D-MS) www.bertelsmann-stiftung.de/brussels

H.R. 5548 – Protecting Cyberspace as a National Asset Act of 2010 (Congressman Jane Harmon, D-CA) Recent Hearings/Testimony: • Hearing: House Committee on Oversight & Government Reform – “Cybersecurity: Assessing the Nation’s Ability to Address the Growing Cyber Threat” (July 2011) • Hearing: Senate Committee on the Judiciary, Subcommittee on Crime and Terrorism – “Cybersecurity: Evaluating the Administration’s Proposals” (June 2011) • Hearing: Senate Committee on the Judiciary, Subcommittee on Crime and Terrorism – “Cybersecurity: Responding to the Threat of Cyber Crime and Terrorism” (April 2011) • Hearing: House Committee on Oversight and Government Reform, Subcommittee on National Security, Homeland Defense, and Foreign Operations – “Cybersecurity: Assessing the Immediate Threat to the United States” (May 2011) • Hearing: House Energy and Commerce Committee, Subcommittee on Energy and Power – “Protecting the Electric Grid: H.R.____, the Grid Reliability and Infrastructure Defense Act” (May 2011) • Hearing: House Committee on the Judiciary – “Cybersecurity: Innovative Solutions to Challenging Problems” (May 2011) • Hearing: House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies – “The DHS Cybersecurity Mission: Promoting Innovation and Securing Critical Infrastructure” (April 2011) • Hearing: House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies – “Examining the Cyber Threat to Critical Infrastructure and the American Economy” (March 2011)

Issues Moving Forward The most controversial issue ahead is arguably the proposed White House Office of Cyberspace Policy. It’s unclear if that will make its way into final draft legislation. While Senator Lieberman has stated that this is a priority in his bill, the White House proposal gives the office short shrift. Creating such an entity may be a sticking point for the Senate or the House.

Federal Information Security Management Act of 2002. But fear that DHS could abuse

its role means that provisions in any final legislation must be ironed out to avoid confusion about the Department’s powers and autonomy.

Another point of contention may come over from DHS’s role in managing cyber security. The White House strategy formalizes DHS’s current security role, essentially updating the

J U LY 2 0 1 1