The Cybersecurity 202: Democrats promise their control of House means cybersecurity policy changes - Adaptus
cybersecurity policy

The election just ended, but Democrats are already promising that their control of the House of Representatives will bring some serious changes to cybersecurity policy.

Democrats have been critical of the Trump administration’s approach to cybersecurity over the past two years, from the president’s decision to eliminate the job of national cybersecurity coordinator to his inconsistent position on Russian interference in the 2016 elections. They’ve pressed Republicans to make serious improvements in election security, develop a solid deterrence strategy for cyberspace, and more.

When Democrats take control of the House in January,  they’ll have more power to shape the agenda in Washington. While cybersecurity is not always the flashiest talking point during an election, lawmakers positioning themselves for potential committee chairmanships in the next Congress are planning to dig deep on cybersecurity issues in the new year.

A spokesman for Rep. Bennie Thompson (Miss.), the top Democrat on the House Homeland Security Committee, said in an email that election security, the lack of cybersecurity leadership from the White House and supply chain security are top-of-mind.

Democrats plan to focus on these issues as part of a larger strategy of “rigorous oversight” of the Trump administration in the next Congress, the spokesman said. As my colleagues Karoun Demirjian, Tom Hamburger and Gabriel Pogrund reported, Democrats are prepared to open multiple investigations against Trump next year — including an examination of the president’s ties to Russia. (President Trump promised “a warlike posture” if that happens and said any efforts to investigate him would jeopardize bipartisan deals.)

Thompson’s spokesman accused Republican lawmakers of doing the bare minimum of oversight to “give cover to the Administration.”

“Congress cannot be a rubberstamp for the Administration,” the spokesman said. “We will focus on our diverse homeland security issues but also on defending and protecting our democracy, the rule of law and also on issues affecting people’s lives.”

We can expect that strategy will play out on the following cybersecurity issues that are sure to emerge in the next Congress:

Election security

Democrats have been calling for upgrades to outdated election infrastructure and pushing for a bill that would give states more money to improve aging and insecure systems. We can expect these efforts to continue in the next Congress. In the House, here’s one key player to watch: Rep. Adam B. Schiff (D-Calif.), who is expected to become chairman of the House Intelligence Committee.

As the 2020 election approaches, Schiff will likely intensify previous efforts to improve election security and disinformation.

He’s also been one of the most constant critics of the Republican-led committee’s probe to investigate Russian interference in the 2016 election — and told the Atlantic in an interview published Wednesdaythat he plans to probe several uncomfortable topics for the Trump administration, including Russia.  “The congressman declined to detail the next steps of a possible investigation into Russia’s interference in the 2016 election, but indicated that he sees the work as correcting the failures of the House Intelligence Committee’s earlier Republican-led probe. That inquiry existed alongside investigations by [Robert] Mueller and the Senate Intelligence Committee, and petered out last spring amid partisan acrimony.” The comments in an interview before the election were published the same day that Attorney General Jeff Sessions was fired.

Increased scrutiny of Russia– and the Trump administration’s response — could have broader implications for how the U.S. handles election security moving forward. Schiff has previously been critical of the lack of coordination in the federal government on cybersecurity issues. He’s also called for a real-time communication channel between the Department of Homeland Security and technology companies to identify campaigns on social media tied to Russia, according to a Reuters report.

Privacy

Democrats and Republicans broadly agree that consumers need a federal privacy law. But the devil may be in the details, and we could see partisan lines emerge on what such a privacy framework should include.

Lawmakers are under the gun to pass a federal privacy law before 2020, when a sweeping California privacy law is set to go into effect. Republicans and technology companies want to preempt that law, which technology companies say was passed too quickly and will be challenging to enforce. Many Democrats also don’t want to see Americans have different privacy rights based on what state they live in, but they have said they will not support a watered-down national privacy bill.

“Democrats have said the bar is high,” said Craig Albright, vice president of legislative strategy for The Software Alliance, a trade group representing technology companies. “We think a federal law doesn’t mean a weak law.”

We can also expect Democrats to leverage hearings to provide more oversight of the tech companies’ privacy practices.

China and other foreign adversaries

Intellectual property theft and securing the supply chain are likely to be important issues for the next Congress. Lawmakers have long cited the risks of doing business with foreign IT companies like ZTE and Huawei, which are tied to the Chinese government.

In recent weeks, the Trump administration has stepped up its efforts to curb Chinese espionage. As we reported last week, the administration introduced a broad new program focused on deterring espionage — in addition to a flurry of sanctions on people and companies the U.S. alleges stole trade secrets from an American company.  As Axios has reported, the Trump administration is expected to continue to elevate cybersecurity issues with China to underscore that Russia isn’t the only “bogeyman.”

This could put more pressure on Democrats in the house to address supply chain security. Thompson was among the members of the Homeland Security Committee who sponsored a bill that would give DHS authority to ban contractors that pose cybersecurity risks.  That bill passed the House this fall and went to the Senate. But the committee could seek to take broader action on the issue.

It remains to be seen who will lead the Democrats’ supply chain security efforts on the Senate side. Senator Claire McCaskill (D-Mo.) had introduced a bill addressing supply chain security threats with James Lankford (R-Okla). But McCaskill lost her Senate seat on Tuesday to Republican Josh Hawley.  McCaskill’s bill would have established a council responsible for evaluating supply chain risks, according to The Hill.

  • Content by: Cat Zakrzewski on November 8, 2018
  • Orginally piblished at: https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/11/08/the-cybersecurity-202-democrats-promise-their-control-of-house-means-cybersecurity-policy-changes/5be326cd1b326b392905466a/?utm_term=.0d99ea779a02
  • Image credit: James Lawler Duggan/Reuters

EZAssign Version 1.31 Pre-Release for Customers Attending Dreamforce this week? Look for EZAssign and EZProtect in the Developer Lounges!