On cybersecurity, Congress can’t agree on turf
By Ben Pershing,
Congress already has more than 40 committees and well over 100 subcommittees. Does it really need one more? How about another task force? Or a working group?
Yes, says Sen. John McCain: A new panel is needed to cope with a relatively recent and unquestionably grave threat — hacking.
Last week, the Arizona Republican wrote to Senate leaders proposing the creation of a temporary Select Committee on Cybersecurity and Electronic Intelligence Leaks, which would produce “comprehensive” legislation on the subject.
No one on Capitol Hill needs persuading that the United States is vulnerable to attack on this front. Last week, the Pentagon revealed that thousands of files containing Defense Department data had been stolen from a defense industry computer network in March. Congress itself has been a hacking target multiple times.
But why get a new committee involved in the fight? Because too many committees are already involved in the fight.
McCain wrote that cybersecurity legislation “has been drafted by at least three committees and at least seven committees claim some jurisdiction over the issue.” He also noted that the White House and the Energy, Commerce and Defense departments have all put forward separate initiatives on the subject.
“With so many agencies and the White House moving forward with cyber security proposals, we must provide congressional leadership on this pressing issue of national security,” McCain wrote, adding that the best solution would be to have top Republicans and Democrats “step away from preserving their own committees’ jurisdiction.”
Put more simply, lawmakers hate giving up turf.
When the Homeland Security Department was created in 2002, for example, House and Senate committees bickered over which would oversee it, just as other Cabinet departments fought against ceding any agencies or authority to the new entity.
So it’s not surprising that the two leaders of the panel with perhaps the most to lose — the Homeland Security and Governmental Affairs Committee — are not big fans of McCain’s proposal.
Chairman Joseph I. Lieberman (I-Conn.) and ranking member Susan Collins (R-Maine) wrote back to McCain last week that their panel has already made significant progress on the cybersecurity front, so “[i]t would be a real mistake and a waste of time to restart the process when so much work has already been done.”
McCain isn’t the first senator to have this idea. In his own letter responding to McCain, Senate Majority Leader Harry M. Reid (D-Nev.) pointed out that he had proposed a similar select committee on cybersecurity in 2009.
“Unfortunately, there was not support for this effort and, in fact, significant opposition,” Reid wrote. “In light of this response, I did not want to spend months or years in a perhaps fruitless effort to establish a Select Committee, rather than working on critical legislation and oversight.”
Instead, Reid this year suggested the formation of “bipartisan working groups” that would collaborate across committee lines. So far, he has not gotten feedback from the Republican leadership on the idea.
Now, a “working group” should not be confused with another favorite Capitol Hill creation — the “task force” — which House Republicans have decided to deploy in the war against cybercrime.
In June, Speaker John A. Boehner (R-Ohio) and House Majority Leader Eric Cantor (R-Va.) announced the formation of a Cybersecurity Task Force to be led by Rep. Mac Thornberry (R-Tex.).
But rather than writing broad legislation, the way McCain’s proposed committee would, Thornberry’s group simply will make recommendations that the regular committees of jurisdiction will (or won’t) incorporate into their bills.
“There’s certainly a concern that [cybersecurity] touches on so many committee jurisdictions that it makes it somewhat unwieldy,” Thornberry said in an interview. Still, he said, the task force is designed to “not take the place of the committees.”
So the House idea, at least, shouldn’t leave any angry chairmen in its wake. But the task force does have one controversial feature: It only includes Republicans.
That makes little sense to Rep. Jim Langevin (D-R.I.), co-founder of the bipartisan Congressional Cybersecurity Caucus, who has tried — without success — to get Boehner to add Democrats to the mix.
Since any truly comprehensive legislation will have to involve both parties anyway, Langevin argues, why not get everyone together at the table now? Thornberry responds that there would be plenty of time for that kind of “bipartisan collaboration” during the committee process.
Regardless of party, Langevin said in an interview, “There is no doubt that the jurisdictional battles in Congress are a problem when it comes to moving complex legislation through quickly.”
And what if McCain’s select panel, Thornberry’s task force, Reid’s working groups, Langevin’s bipartisan caucus and all the regular committees were allowed to take a crack at cybersecurity and still couldn’t get a bill to President Obama’s desk?
Then there might be only one solution — a blue-ribbon commission.