As the House considers as many as four cybersecurity bills later this week, the House Homeland Security Committee will be playing only a supporting role in what could be considered one of its signature issues.
Conspicuously absent from the House’s “Cyber Week” agenda is the Homeland Security Committee’s Precise Act, which cleared a subcommittee by voice vote in February. Now, what was once a bipartisan bill is bogged down and on hold and the committee has been sidelined.
The committee will hold at least two hearings this week to highlight cyberthreats, but for a panel that oversees the agency deemed central to the government’s civilian cybersecurity efforts, it is a significantly diminished role.
Congress has been pushed to enact legislation to quell ongoing cybersecurity turf wars between defense and homeland-security agencies, but Congress faces turf battles of its own.
At least nine committees in the House oversee at least some aspect of cybersecurity.
Unlike in the Senate, where leaders gave the Homeland Security Committee the lead role in a process that included the Commerce and Intelligence committees, among others, House leaders have tapped lawmakers from the chamber's Intelligence and Armed Services committees to lead the efforts.
Armed Services Vice Chairman Rep. Mac Thornberry, R-Texas, was chosen to lead the Republican Cybersecurity Taskforce, which set the broad agenda for cybersecurity legislation.
The keystone bill during this week’s floor action will be the House Intelligence Committee’s Cyber Intelligence Sharing and Protection Act, which has been panned by both civil-liberties and free-market activists but enjoys bipartisan support and the backing of many companies. The other three bills on this week's cybersecurity agenda were marked up in the House Oversight and Government Reform Committee as well as the Science, Space, and Technology Committee.
According to House Homeland Security members, House GOP leadership pressed the sponsors of the Precise Act to remove sections that conflicted with other committees’ work, or that were too similar to proposals disliked by Senate Republicans.
But the changes sparked Democrats to drop their support, and now House leaders appear to be blocking the Precise Act from floor consideration until Democrats support it again.
“We have been told by the Majority Leader’s staff that he believes it is important to proceed with a bill with bipartisan support and that his staff is currently evaluating the depth of Democratic support for moving the bill," House Homeland Security Committee Chairman Peter King, R-N.Y., said in a statement on Friday.
The quandary played out publicly in a nearly five-hour markup last week, in which lead sponsor Rep. Dan Lungren, D-Calif., introduced a manager’s amendment that stripped the bill of several provisions that would have given the Homeland Security Department a more active role in overseeing some critical infrastructure, like electric grids or water systems.
The Senate Homeland Security Committee was given the lead in introducing a broad bill that would give DHS similar authority. That proposal is backed by the White House, but Senate Republicans balked, claiming it established too many government regulations.
Those concerns complicated the efforts to pass the Precise Act, Lungren said. “It is my judgment that if we have [critical infrastructure protection] in this bill, this bill will not go forward,” he said during Wednesday’s markup. He was forced to oppose several Democratic amendments to reinstate the measures before the Precise Act cleared the full committee.
Lungren expressed fears that without the changes, the Homeland Security Committee would not have a say in the cybersecurity debate. Now it appears even those changes have not ensured the bill would be backed by House leaders, at least not yet.
And the Homeland Security Committee’s diminished role, even if it ends up being temporary, goes beyond congressional turf wars and strikes at the core debate over government cybersecurity: Which agencies should take the lead?
To Democrats on the Homeland Security Committee, the changes to the Precise Act signal a willingness to cede control over government cybersecurity efforts to defense and intelligence agencies, which operate differently from civilian or law enforcement agencies, potentially leading to confusion.
“If DHS is not the lead cybersecurity agency, then the question is who will be the lead?” ranking member Bennie Thompson, D-Miss., asked during last week’s markup. “Unfortunately, the message that this substitute sends is that no agency will lead the federal government’s cyber efforts. It opens the door to duplication of efforts in the extreme.”