By Geoff Fein
While congress is looking to take more of a leadership role in developing cyber security legislation, issues remain about which committees have jurisdiction over protecting the nation’s networks, according to a Hill staffer.
Additionally, the private sector will have to help educate lawmakers who don’t necessarily understand the cyber security issue, Jake Olcott, director of the House Homeland Security Committee subcommittee on emerging threats, cybersecurity, and science and technology.
Olcott addressed the issue of developing the public/private partnership during a panel discussion at Tuesday’s Defense Daily Cyber Security Summit in Washington, D.C.
Speaking four days after the White House issued the long awaited 60-day cyber security review, Olcott said lawmakers are very supportive of the study.
“It’s fairly broad and accomplished what it exactly was intended to do,” he said. “Raise the dialogue…identify policy gaps.”
Now the question is “where do we go from here,” Olcott said.
That role will either be filled by the cyber coordinator that President Obama is expected to soon name, various agencies that are involved in cyber security, or Congress, he added. “[Lawmakers] are looking at taking more of a leadership role.”
Olcott acknowledged there are some people who may not want to see more of a legislative role in cyber security.
He told members of the private sector that it’s there obligation to educate policy makers. “It’s really the most valuable thing you can do.”
One area they could provide help is in bridging the generational gap, on cyber issues, that exists on the Hill today.
“Younger members understand the inherent problems of a network society. Members that have been around a longer period of time have not necessarily grown up in this networked world,” Olcott said. “They do not have the same understanding or complexity. We really need your best efforts to educate everyone. A major role you call can play is to come to the Hill…meet with you representatives…committee chairman.”
Members have been hearing that the Comprehensive National Cybersecurity Initiative (CNCI) has been a point of friction–that contractors don’t know what’s in it, don’t know how to engage the government over it, Olcott added.
“Our hope is that the more openness we have will allow [the private sector] to understand what the federal government is looking for,” he said.
Olcott noted there would be a lot of money involved and a lot of opportunities for contracts as the nation moves forward on cyber security.
On the other hand, there are some dangers that have to be dealt with too, he added.
“The federal government for a very long time took a sort of hands-off approach with contractors, and we didn’t build into contracts what we expected when it came to securing our networks,” Olcott said. “That time is over. There are going to be a lot of changes to the FAR and DFAR coming up in the next months and years…a lot of changes to contractual language.”
Lawmakers will also have to work out who has jurisdiction on cyber security.
“It is very difficult to write legislation in the House these days because of Rule 10,” Olcott said. “Rule 10 lays out jurisdiction for all the different committees. One noticeable absence from Rule 10 is any mention of cyber security or IT or anything like that. Anyone who writes a bill about cyber security doesn’t know where it is going to go.”
The reason for this is that cyber security wasn’t anyone’s responsibility, he added.
As committees begin to claim jurisdiction over cyber security, it is incumbent upon members to work out issues satisfying whatever comes up, Olcott said.
“One particular issue we are dealing with right now is cyber security in the electrical grid,” Olcott said. “[The legislation] was written by Chairman [Bennie] Thompson (D- Miss.) based on an extensive hearing record we had put together through the Homeland Security committee. But you can’t bring a bill on the electric grid without touching the regulators of the grid itself. FERC (federal energy regulatory commission). FERC jurisdiction is controlled by the energy and commerce committee. We have our bill, and there is also the energy and commerce bill.
‘A lot of committees are looking to the White House to provide some sort of leadership…policy framework…to work out some of the issues,” he added.