A basic national security imperative could fall victim to the conflict. Cybersecurity entangled in turf wars

The White House is scrambling to influence cybersecurity legislation that’s been tangled in a web of policy, politics and parochialism — even reaching out to Republican leaders as the House prepares to act on the issue later this month.

On the surface, the players are battling over the best way to protect the nation’s electric grid, water facilities and other critical infrastructure from being taken down by a crippling cyberattack.


But underneath, it’s really a quintessential Washington turf war, spiced up by election-year politics.

In one corner, the champions of the civilian Homeland Security Department: the White House and the Homeland Security panels in the House and Senate. In another corner, proxies for the National Security Agency: House Republicans and Rep. Dutch Ruppersberger, the top Democrat on the Intelligence Committee, who represents the NSA’s Maryland headquarters.

A third group, led by John McCain (R-Ariz.) in the Senate and Mary Bono Mack (R-Calif.) in the House, has also weighed in with a bill that focuses on fostering information sharing about cyberthreats between the government and critical infrastructure operators without tacking new security mandates onto businesses.

It all makes for a twisted tale of how a basic national security imperative — cooperation between the government and private companies — could fall victim to the vagaries and vanities of Congress.

“Initially, we saw each chamber really take a cross-committee approach and now, we’re seeing the emergence of jurisdiction and parochial interests that are trumping that,” an administration official said in an interview with POLITICO.

Still, with the Senate snarled over competing versions of the bill, House leaders and administration officials are talking.

House Republican aides have met with officials from the Department of Homeland Security and other agencies to discuss the White House’s cybersecurity plan, and Republican leaders are confident they’ll have Democratic votes for a package of bills that they plan to bring to the floor — though they are certain to get some backing from Democrats with or without the White House’s blessing.

“We think it’s possible that the package of bills we plan to bring to the floor at the end of April — which deal with information-sharing and liability changes, among other matters — will be able to garner bipartisan support,” a House GOP leadership aide said.

The administration, which plans to lobby House Democrats in the next two weeks, is hoping that Democrats can gain leverage to demand changes by withholding their votes.

“We’re going to say to Dems, ‘Have you read all the ACLU and Center for Democracy & Technology’s concerns with the bill?’” the administration official said, referring to a measure by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Ruppersberger. “House Dems should be demanding answers.”

But House GOP leaders could suffer 25 defections before they would need a single Democratic vote — and only one of the eight Democrats on the Intelligence panel, Jan Schakowsky of Illinois, voted against the Rogers-Ruppersberger bill at the committee level.

There are a few electoral wild cards in the mix, too.

The president must weigh the benefit of burnishing his national security credentials against concerns from the left that privacy rights could be compromised. Republicans have to decide whether to push for the law even if it means giving the president the national security victory. And House GOP leaders are trying to find a way to let Rep. Dan Lungren salvage some of his Homeland-flavored version of the legislation as he campaigns for reelection in California’s newly redrawn and highly competitive 7th District.

“Subcommittee Chairman Lungren and I have been working very closely with the speaker in crafting cybersecurity legislation. We have also been in contact with the other committees involved,” House Homeland Security Committee Chairman Peter King (R-N.Y.) said. “We are working to ensure that the legislation that comes out of the full committee has as much consensus as possible while also preserving the elements that we believe are essential. My intention is to have that for the full committee when we come back after the Easter recess.”

Need a scorecard? You will soon because the House is expected to move forward later this month on the Intelligence Committee’s bill, which would encourage private companies to voluntarily share information with intelligence agencies while providing liability protections. That version, which the panel approved 17-1, is the anchor for a planned “cyberweek” in the House, beginning April 23, that would also feature smaller-bore legislation from the Judiciary, Oversight and Government Reform, and Homeland Security panels.

Major Internet providers, the U.S. Chamber of Commerce and tech companies such as IBM have lined up behind the House Intelligence Committee’s bill because it doesn’t hold industry responsible for meeting new security requirements, unlike a version drafted by Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman of Connecticut and his committee’s top Republican, Susan Collins of Maine.

Lieberman’s bill would require operators of critical infrastructure to work with the Department of Homeland Security to develop a set of security standards that they will be responsible for meeting. And that’s part of the reason the administration is racing to influence the House bill after devoting most of its attention to the Senate bill.

FBI Director Robert Mueller, Homeland Security Secretary Janet Napolitano and NSA Director Gen. Keith Alexander plan to huddle with House members the week of April 16 to outline the escalating threat the U.S. faces from cyberattacks and vulnerabilities in critical infrastructure systems, the administration official said. For more than a year, the White House has been organizing a series of classified briefings for senators but has only recently turned its attention to the House.

That’s in part because Senate Majority Leader Harry Reid has other items, including a “Buffett rule” bill, a reauthorization of the Violence Against Women Act and a postal reform measure lined up first. It could be May or later before the Senate acts on cybersecurity legislation.

While the House is still ironing out the final details of its cybersecurity package, leaders are expected to put several bills on the floor separately and then use a procedural maneuver to combine them before they are sent to the Senate.

Nothing is set in stone yet but so far, four bills are expected to be put on the House floor for a vote. They include: the industry-backed Intelligence Committee measure, Texas Republican Rep. Mike McCaul’s bill aimed at boosting cybersecurity research and development and the pool of trained cyberprofessionals, Rep. Darrell Issa’s Federal Information Security Management Act reform bill and some version of Lungren’s Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011.

The House avoided some of the Senate’s acrimony by splitting up responsibility for cybersecurity issues among the various committees of jurisdiction. Several Senate committees have worked on the issue as well.

But Reid, acting in accordance with the White House’s preference for a more comprehensive bill with DHS as the federal government’s cybersecurity lead, gave primacy to Lieberman, who wrote the legislation creating the Homeland Security Department a decade ago. He has been joined by Collins, who can expect to hold the committee’s gavel and its jurisdiction over the massive department if Republicans retake the Senate.