At the RSA Conference in San Francisco, on February 14, 2017, a panel of representatives from US Congressional committees concerned with security discussed the state of cyber affairs in DC, with Russia being the dominating force. Read More >>
Their remarks reflected many open questions on policy in general and uncertainty around the direction the Trump Administration may take.
- Michael Brown, VP and GM RSA Global Public Sector, RSA, Moderator
- Michael Bahar, Minority Staff Director and General Counsel, House Permanent Select Committee on Intelligence
- Daniel Lerner, Professional Staff Member, US Senate Committee on Armed Services
- Kirk McConnell, Professional Staff Member, U.S. Senate Committee on Armed Services
- Brendan Shields, Staff Director, House of Representatives Committee on Homeland Security
Brown: What is your committee considering around cyber?
Lerner: The Senate Armed Services Committee has broad jurisdiction. We’ve been very active on cyber, particularly in coordination with the Department of Defense. We pass cyber legislation every year, with forty provisions just in the last year.
Bahar: In 2015 we passed surveillance reform (the Freedom Act), and the Cyber Information Sharing Act of 2015, working with DHS. There are many open issues. Should there be legislation? If we’re going to partner with private sector, what’s the best way to do that? How much will be shaped by the courts? The Internet of Things will probably find its way there. Liability will get litigated.
Brown: What cyber priorities do you see in this session of Congress?
Bahar: Russia. What just happened? How? How do we make sure it doesn’t happen again? The House and Senate Intelligence committees are having separate inquiries into the hacking and influence campaign to affect our elections. Also, FISA section 702 is up for re-authorization in September. That’s where the intelligence community can find out what is being done against US interest and safety.
Lerner: How are we able to deter against cyber adversaries? By denying, or by imposing consequences. So far they’ve been pretty inconsequential. It starts from Executive Branch – what authorities do they give to government executive entities? The status quo is insufficient. Russia gives us the opportunity to look introspectively and prepare for future warfare.
Shields: The softer side also matters – the ability to lead, to get people to talk to each other and work together. Cyber is international – are we sharing with other countries? Privacy issues are also important. How does this impact the bottom line of companies?
Lerner: There is a jurisdictional issue. Everyone wants to see the lead cyber org be in their agency. Congress has issues navigating the jurisdictional challenges. Who is best suited to lead it? Does it even exist yet?
Bahar: Jurisdictional problems are not just from dysfunction. There are challenges with assessing exactly where it should sit, based on an agency’s current purpose and responsibilities.