Intensified Bipartisan Call for Senate Select Cybersecurity Committee May Not Yield New Panel
A renewed and bipartisan push for a Senate panel on cybersecurity may not result in the creation of such an entity, lawyers and lobbyists said in interviews Monday. Four senior senators, including incoming Senate Minority Leader Chuck Schumer, D-N.Y., and Senate Armed Services Committee Chairman John McCain, R-Ariz., intensified a push for Senate Majority Leader Mitch McConnell, R-Ky., to create a Senate select committee on cybersecurity in response to claims that Russia hacked U.S. institutions to affect the outcome of the 2016 presidential election. Sens. Lindsey Graham, R-S.C., and Jack Reed, D-R.I., joined McCain and Schumer Sunday in calling for the new committee. Congressional Cybersecurity Caucus Co-Chairman Jim Langevin, D-R.I., called Friday for Speaker Paul Ryan, R-Wis., to create a House select cybersecurity committee.
The senators’ Sunday letter to McConnell followed an earlier push by McCain to create a committee that would specifically examine Russia’s involvement in the hacking of Democratic National Committee servers and other election-related hacks. McCain encountered resistance during past attempts to create a unified Senate cybersecurity committee, and even the controversy over possible Russian interference in the U.S. election may not be enough to make his latest push succeed, said industry lawyers and lobbyists.
Cybersecurity “cuts across and involves multiple committees of jurisdiction,” including the Senate Armed Services, Commerce, Foreign Relations, Homeland Security, Intelligence and Judiciary committees, the senators said in their letter. “Despite the good work that these and other committees have done on their own, cyber is the rare kind of all-encompassing challenge for which the Congress's jurisdictional boundaries are an impediment to sufficient oversight and legislative action. Only a select committee that is time-limited, cross-jurisdictional, and purpose-driven can address the challenge of cyber.” Langevin noted at least 80 congressional committees and subcommittees that handle aspects of cybersecurity. A unified cybersecurity committee “is the best way to streamline oversight and ensure a thorough, fair investigation into this disturbing attack on our democracy,” Langevin told Ryan.
The proposed Senate cybersecurity committee’s bailiwick wouldn't focus entirely on the Russian hacks, but a “comprehensive investigation” of those incidents would be a “critical” task, the senators said. They said the committee should “inform the public as much as possible, while protecting classified information, about the facts of the case and what actions could reasonably have been taken across the federal government to deter or defend against this interference.” The Senate committee should more broadly “tackle the issue of cyber in its entirety and develop comprehensive recommendations and, as necessary, new legislation to modernize our nation's laws, governmental organization, and related practices to meet this challenge.” The committee should disband “upon completion of these tasks,” the senators said.
McCain and Schumer separately stressed Sunday that the Senate committee’s focus on Russian election-related hacking incidents wouldn’t be a political act aimed at delegitimizing President-elect Donald Trump. “We don’t want it to just be finger pointing at one person or another,” Schumer said during a news conference. “We want to find out what the Russians are doing to our political system and what other foreign governments might do to our political system, and then figure out a way to stop it. Only a select committee can do it.” A select committee should broadly examine “the whole issue of cyberwarfare, where we have no strategy or no policy,” McCain said on CNN’s State of the Union.
McConnell intends to review the senators’ letter, a spokesman said. The spokesman referred us to McConnell’s previous statements in which he favored an investigation led by the Senate Intelligence Committee. Senate Intelligence Chairman Richard Burr, R-N.C., has said he plans a combination of public and classified hearings on the Russian hacks.
Russia’s election-related hacking of U.S. institutions is just the latest potential catalyst for creating unified House and Senate cybersecurity committees -- an idea that McCain and other lawmakers have floated for years, said several lobbyists. McCain warned in 2014 that the Senate needed to create a select cybersecurity committee before a cyber “Pearl Harbor” event (see report in the Feb. 28, 2014, issue). It’s not clear that even the Russian hacking controversy will be enough to overwhelm resistance to unified select committees, as evidenced by the fact that McConnell “has not voiced any strong support for this concept,” said Venable cybersecurity and telecom lawyer Jamie Barnett. “That may mean it’s not going to go anywhere.”
Use of the Russian hacking controversy as a reason for needing the cyber committees can “cut both ways,” an industry lobbyist told us. The crisis caused by the hacks “does bring the issue into sharp focus” but proponents of a select committee “need to be clear that no one is trying to delegitimize” Trump’s election via the committee, Barnett said: “To the degree people can paint this as a partisan issue, they may be able to defeat” the proposal. Trump has continued to say the claims about Russian interference in the election are “ridiculous” and “just another excuse” to delegitimize his election. President Barack Obama vowed last week to respond to the DNC hack and other election-related attacks, which he said “happened at the highest levels of the Russian government.” The FBI joined the CIA last week in confirming the Russian government’s involvement in the hacks.
The creation of select House and Senate cybersecurity committees is an action that’s long overdue given the problems posed by fragmented committee jurisdiction on cyber-related issues, said Internet Security Alliance President Larry Clinton. ISA believes diversified congressional jurisdiction on cybersecurity has led to “piecemeal and inadequate” legislation, so consolidating responsibility for the issue “is really important,” Clinton said. “It’s critical that this issue be taken seriously and we have seen since 9/11 the challenges that exist when no one committee owns an issue,” said Norma Krayem, Holland & Knight cybersecurity policy expert. “Cybersecurity is a unique issue that needs to be taken seriously and if it helps to have a select committee, it's worth a robust discussion."
Potential House and Senate select cyber committees must increase Congress’ overall engagement on cybersecurity issues, not just on the Russian hacks, Clinton told us. “The entire issue area needs a great deal more attention,” including cybercrime and disruptions in the private sector, he said. Select committees should focus in part on improving collaboration with the private sector, Clinton said. A select cyber committee in either the House or Senate should examine ways to improve incentives for the private sector to improve cyber risk management practices, Barnett said. Congress could potentially examine cybersecurity incentives as part of a possible revamp of tax law, he said.