6. 2012: The Debate on Capitol Hill
Key Pillars:
1. Critical Infrastructure
2. Information Sharing
3. DHS v. NSA
Low-Hanging Fruit:
Education/Workforce
Research & Development
Cyber Awareness
FISMA Reform
7. Securing Critical Infrastructure
Mandatory Standards:
Cybersecurity Act of 2012
v1.0 (Senate)
Voluntary Standards:
Cybersecurity Act of 2012
v2.0 (Senate)
Market Solution:
House of Representatives
8. Legislating Information Sharing
1. What are you sharing?
• PII or Threat Signatures?
2. Who are you sharing it with?
• Civilian Agency? Intelligence Community? Department of Defense?
3. What can it be used for?
• Limited to specific purposes?
4. What is the Standard of Liability?
• Full Indemnity? Negligence?
9. The Interest Groups
Baseline Standards
Improved Visibility
Anonymize Info
Civilian Agency
Clear Definitions
Negligence Standard
No Mandates
Legal Protection
National Security Leaders
Privacy & Civil Liberties
Business (Chamber of Commerce)
10. 2013: Executive Order 13636
Policy Results:
“Industry-led, government facilitated” best practices (NIST)
Increase USG Industry Info Sharing
Privacy & Civil Liberties Oversight
11. A New Agenda for 2013
Political Result: A Smaller Congressional Agenda
Critical Infrastructure
Information Sharing
Role of DHS
Education & Workforce
Research & Development
Awareness
FISMA Reform
12. Cyber Bills
Committee United States Senate House of Representatives
Homeland Security
National Cybersecurity & Communications Integration Center Act
DHS Cybersecurity Workforce Recruitment & Retention Act
Federal Information Security Amendments Act
National Cybersecurity & Critical Infrastructure Protection Act
Critical Infrastructure Research and Development Advancement Act
Homeland Security Cybersecurity Boots-on-the-Ground Act
Commerce
Cybersecurity Act of 2013
Intelligence
Cyber Information Sharing Act of 2014
Cyber Intelligence Sharing and Protection Act
13. 2014 Lame Duck (Senate)?
Other Issues?
Marketplace Fairness
Tax Extenders
Nominations
Other National Security Issues?
AUMF
Sec. 215/Sec. 702/FISA Reform
Iran
Must Do:
• Continuing Resolution
• Defense Authorization
14. Changing of the Guard
On their way out:
Mike Rogers (R-MI)
House Intelligence
Buck McKeon (R-CA)
House Armed Services
Carl Levin (D-MI)
Senate Armed Services
Jay Rockefeller (D-WV)
Senate Commerce, Science, & Transportation
Saxby Chambliss (R-GA)
Senate Intelligence
Tom Coburn (R-OK)
Senate Homeland Security
Next in line (?):
Jeff Miller (R-FL)
House Intelligence
Mac Thornberry (R-TX)
House Armed Services
Jack Reed (D-RI)
Senate Armed Services
Bill Nelson (D-FL)
Senate Commerce, Science, & Transportation
Richard Burr (R-NC)
Senate Intelligence
John McCain (R-AZ)
Senate Homeland Security
16. What happens after a crisis?
Truman National Conference Cyber Exercise
54 Teams
• 34 Congressional offices
• 7 Executive offices & Agencies
• 9 Industry & Interest Groups
• 4 Media Outlets
Day-of Crisis Exercise
• National Security Council Debate
• 7-9 Teams; 25 – 70 Participants
• Define what happened & how to respond
17. What we learned…
1. Uncertainty in response to a crisis
2. In the wake of a crisis, the focus is almost entirely on protecting critical infrastructure
3. In the wake of a crisis, the second priority is developing human resources
18. Cyber After Snowden
Matthew Rhoades, Director, Cyberspace & Security Program
Can DC Help Protect Your Networks?