Lobbying activity in Washington on issues relating to cybersecurity is increasing exponentially.
In 2001, only four firms listed cybersecurity as an issue on which they were lobbying, according to a Washington Post computer analysis of congressional lobbyists filings. By 2006, this had risen to 129 and in 2011, the last full year of data available, 1,489 companies listed cybersecurity in disclosure forms required by Congress.
The increase reflects the rapidly growing importance overall of cybersecurity to businesses and government. In particular, businesses are concerned about the potential cost of new regulations intended to better secure their computer networks.
For many lobbyists this has been a windfall during a difficult economic climate in which their overall spending is flat or falling.
How many millions of dollars are being spent cannot be gleaned from official filings, as firms are required to give total amounts spent on lobbying but not a breakdown on individual issues.
The nonpartisan Center for Responsive Politics, which analyzes lobbying spending and campaign contributions, has also noted the rapid growth in cyber lobbying dollars.
“The number of distinct entities that have been lobbying on cybersecurity issues has certainly jumped up,” said Sarah Bryner, a lobbying researcher at the Center. “The striking thing to me was just how diverse the companies who are interested in this issue are. You have defense contractors, communications and technologies, you have trade organizations — it touches so many different interests.”
Bryner suggested this was fueled in part by cyber-security-related bills being considered in the Senate and House over the year. The key House and Senate bills would involve information sharing between companies and government, a measure the White House has repeatedly said is vital to combat cyber-crime.
The House bill, the Cyber Intelligence Sharing and Protection Act (CISPA), became the target of a spirited online campaign, with strong views on both sides. Those against the law cited concerns about the private sector sharing too much personal data with the government.
A bipartisan Senate bill that received support from the White House but failed to pass could be brought back for a vote this lame duck session. If legislation doesn’t pass, the White House is considering issuing an executive order to try to enhance security on the networks of companies critical to the U.S. economy.
Businesses are hiring lobbyists in large part because of the worry about the spiraling costs of constantly updating security in an online arms race against increasingly sophisticated hackers. They are also concerned about sharing commercially sensitive information about their customers with the government.
Government officials point out that companies should also worry about the liability in the event of hacking attacks, and they say that the government can provide incentives and better insurance rates for those companies that safeguard their networks.
R. Bruce Josten, executive vice president of the U.S. Chamber of Commerce, a pro-business trade group that has been vocal on these issues, said in a statement that his group “has been heavily engaged with Congress on cybersecurity since legislation first emerged on this issue in 2009.”
“The regulatory approach,” he said, “would likely create an adversarial relationship, which should be unacceptable to lawmakers.
“The Chamber urges Congress to not complicate or duplicate existing industry-driven security standards with government mandates and bureaucracies, even if they are couched in language that would mischaracterize these standards as ‘voluntary.’”
Additional regulatory concerns are also cited for telecommunications companies that face having to enforce measures on their many users; energy companies, as the electricity system moves to a computer-controlled “smart grid”; and financial institutions, seen as a high-value target for hackers.
According to the Center for Responsive Politics, the company that most often mentioned “cybersecurity” in its submissions in 2011 was Comcast. In addition to its better-known TV services, Comcast is a major Internet provider in the U.S., with more than 18 million customers.
Bryner, of the CRP, also noted the cybersecurity uptick marked the rapid professionalization of Silicon Valley’s lobbying operations in Washington, as Internet-related legislation came to the fore.
She cited Google as an example of the growth of Internet companies’ representation in the capital, across not just cybersecurity but a whole range of regulatory issues.
“Google has already nearly tripled their [overall] year-to-date spending,” she said, calling them the “standard-bearer for that industry with regard to lobbying activity.”
The Center’s Web site shows Google’s lobbying spending increasing from around $5 million in 2010 to more than $14 million for year-to-date 2012.
“In a matter of one or two years, they’ve gone from relative lobbying obscurity to being one of the top lobbying clients across the country,” Bryner concluded.
Lobbying activity is also focused on attracting cybersecurity business from the federal government. Many defense and information technology contractors have made this a priority as the Obama administration has identified cybersecurity as an area where federal money will be rising even among general cuts.
Deltek’s Federal Information Security Market forecasts U.S. federal spending in the area to increase from $9.2 billion last year to more than $14 billion by the end of President Obama’s second term.
In the end, all the money and energy spent on cyberdefense is because of rising cyber attacks. According to the Government Accountability Office, over the past five years, the number of incidents reported by federal agencies to the United States Computer Emergency Readiness Team (US-CERT), the body that tracks information on cyber attacks, has increased from 5,503 incidents in 2006 to 41,776 incidents in 2010, an increase of more than 650 percent.