Election unlikely to slow U.S. cybersecurity efforts

Experts do predict one big change: Republicans are less likely to push mandates on private industry

The current U.S. strategy for dealing with cybersecurity and privacy issues is unlikely to be significantly changed by the power shift that came with last week's midterm elections, experts said.

Some course corrections are to be expected for sure, but security experts say that cybersecurity privacy efforts are more likely to garner bipartisan support than many other issues that will come before Congress.

"In the current environment, security and privacy are purple issues," not red or blue ones, said Amy Mushahwar, an attorney in the Washington, D.C., office of Reed Smith LLP.

Many of the Republican lawmakers who are expected to lead key House committees in the next Congress are seen by analysts as sharing with their predecessors a commitment to boost cybersecurity and privacy regulations.

In the U.S. Senate, where the Democratic party retains control, analysts expect current cybersecurity and privacy goals to remain in place.

Experts do note that the Republican-led House of Representatives is less likely to pursue legislation that would impose major new regulations on industry or on critical infrastructure sectors such as power utilities or financial services. And Republican lawmakers in general have been somewhat less keen than their Democratic counterparts to push issues such as Net neutrality.

One area where the changes in leadership will be closely watched is the powerful House Committee on Energy and Commerce, currently chaired by Rep. Henry Waxman (D-Calif.).

Rep. Joe Barton (R-Texas), currently the ranking minority member of the Energy and Commerce Committee, is expected by some to take over Waxman's role as chairman of the committee.

Barton has already signaled his intent to push for tougher Internet privacy policies.

In a statement released Wednesday, Barton said that the Energy and Commerce Committee next year will put "Internet privacy policies in the crosshairs. I want the Internet economy to prosper, but it can't unless the people's right to privacy means more than a right to hear excuses after the damage is done."

The statement was part of a response by the committee to a letter from Facebook CEO Mark Zuckerberg that answered 18 questions posed by Barton and the committee's current chairman, Rep. Edward Markey (D-Mass.), about the social networking company's privacy practices.

Experts expect that two other Republican members of the committee, Fred Upton (R-Mich.) and Cliff Stearns (R-Fla.), will play key roles in creating cybersecurity and privacy rules.

Upton has strongly opposed Net neutrality regulations proposed by Waxman this year, and he has expressed opposition to granting the FCC any new authority to oversee the Internet. At the same time, Upton has sponsored legislation aimed at protecting the electric grid against physical and cyber attacks.

Stearns, currently the ranking member of the Energy Committee's subcommittee on Communications, Technology and the Internet, was a co-sponsor with the subcommittee's current chairman, Rep. Rick Boucher (D-Va.), of a bill that would regulate marketing data used by companies for behavioral, or interest-based, advertising activities. The bill would require increased disclosure of privacy practices and the manner in which companies collect, use, share and store data.

Boucher was not re-elected last week; Stearns is expected to be involved in pushing the bill again next year.

Another key bill, introduced by Illinois Democrat Rep. Bobby Rush, is a somewhat more stringent version of the Boucher bill that would give the FTC more enforcement authority on cybersecurity and Internet privacy matters.

Mushahwar said she expects that neither bill will come up to a vote before the new Congress is sworn in early next year.

She did note that there's a good chance that a version of Boucher's bill will be re-introduced next year with some significant tweaks. Any new proposal would likely change the Boucher bill's requirement that companies get opt-in from users before sharing their data. An opt-out clause is more likely under a Republican approach that favors industry self-regulation rather than privacy and security mandates, she said.

Alan Paller, director of research at the SANS Institute, said that the Republican gains in last week's election set the stage for stronger cybersecurity and privacy efforts in the House. A lot of the initiatives in this area over the past two years have come in the Senate, he noted.

"The Senate took the lead, and now they will have a strong partner in the House," Paller said.

Rep. Jim Langevin (D-R.I.), who co-founded the bipartisan House Cybersecurity Caucus in 2008, is expected to play a key role in cyber matters in the next Congress, Paller said. Key Republicans on cybersecurity issues include Rep. Mac Thornberry of Texas, former chairman of the House subcommittee on cybersecurity, science, research and development, Dan Lungren (R-Calif.), the ranking member of a House subcommittee on cybersecurity, and Michael McCaul (R-Texas), co-chair of a commission that developed cybersecurity recommendations for President Barack Obama.

"This is pretty much a bipartisan area," Paller said. The combination of some strong Republicans and the continuing efforts by Langevin and other Democrats should keep cybersecurity in the forefront, he added.

However, "you might see a pullback of pressure to get companies to live up to their responsibilities" on cybersecurity in a Republican-led House, he said. Specifically, there might be a slowdown in efforts to get power companies to comply with stricter security safeguards, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon