Cybersecurity

Cyber bills caught up in turf spat

A House jurisdictional fight is holding up cyber legislation, said House Homeland Security Chairman Michael McCaul (R-Texas) in an interview.

Lawmakers have been pushing to update the 12-year-old federal information security laws, but two House committees can’t agree on who’s in charge of government websites.

Until they do, McCaul said, it’s going to be hard to move any cyber legislation.

The crux of the issue is whether the .gov sites are better suited under the watch of the Department of Homeland Security (DHS) or the Office of Management and Budget (OMB), McCaul said.

McCaul favors DHS, the Oversight and Government Reform Committee favors OMB.

“Government Reform is just throwing their jurisdictional flag down, saying, ‘Well no, we want OMB to control that, not DHS,’” McCaul said following an event at the Council on Foreign Relations. “OMB has three employees. OMB doesn’t want that mission.”

McCaul has the backing of top lawmakers on the Senate Homeland Security and Governmental Affairs Committee — Chairman Tom Carper (D-Del.) and ranking member Tom Coburn (R-Okla.).

Coburn is retiring at the end of the year. Oklahoma elected Rep. James Lankford to the Senate.

“Coburn and Carper and I strongly believe that the current reality is that DHS has the operational control over the .gov space,” McCaul said.

The argument “defies reality and common sense,” he added.

And it’s holding up other cyber legislation, including McCaul’s House-passed cyber information sharing bill.

McCaul estimated his office and Senate staffers have hammered out 80 percent of the details with his bill, which would direct the private sector to swap cyber threat information with the DHS.

But it won’t move until the jurisdictional question gets an answer, McCaul said.

Oversight Committee Chairman Darrell Issa (R-Calif.) has been a vocal proponent of updating the government’s information security requirements, currently detailed in the Federal Information Security Management Act.

Recent breaches have hit a number of federal agencies, from the White House on down to the Office of Personnel Management, the U.S. Postal Service and the National Oceanic and Atmospheric Administration.

The Oversight Committee has inserted itself in many of these cases. Next Wednesday, the committee will hold a hearing on the Postal Service breach, which exposed the information of 800,000 employees.  

McCaul said the two sides are currently involved “in some pretty intense negotiations” to settle the issue.

As a retiring senator, Coburn has prioritized the issue, McCaul said. Coburn “wants to fix that, certainly before he leaves.”