Cybersecurity…At Least There Is One Thing Congress Can Agree On

While most political observers were focused last week on the debates surrounding passage of the so-called “Cromnibus” spending bill, less noted was the fact that the U.S. Congress managed to pass a number of cyber-security bills in a rare moment of bipartisanship and cooperation between the House of Representatives and the Senate. 

One bill, the Cybersecurity Workforce Assessment Act, was passed in the House by voice vote on Thursday. Originally introduced by Rep. Patrick Meehan (R-PA), the bill directs “the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security (“DHS”) and develop a comprehensive workforce strategy.” Specifically, the Secretary must identify key positions related to cybersecurity and create a strategy for enhancing the readiness, capacity, training, recruitment, and retention of cybersecurity personnel within the DHS. The strategy must include a five-year implementation plan and a ten-year projection of the cybersecurity workforce needs of the DHS. 

The final bill is slightly less demanding than the original. Whereas Congressman Meehan wanted the Secretary of Homeland Security to report to Congress every two years on the status of cybersecurity, the final version includes a mandate to report every three years. The original bill also would have required the Secretary to seek advice from academics and other private-sector analysts on the proper methods for ensuring cybersecurity, whereas the final bill only requires input from within the Department of Homeland Security. 

Another cybersecurity measure passed last week was the Intelligence Authorization Act. The primary purpose of this bill is to appropriate funds to the various intelligence agencies, but a number of cybersecurity-related provisions were included. For instance, Congress directed the Director of National Intelligence to conduct a study on the feasibility of “consolidating classified databases of cyber threat indicators and malware samples in the intelligence community.” This study will include an inventory of classified databases of cyber threat indicators and any impediments to consolidation. Congress also asked the Director to examine how to retain cybersecurity specialists within the intelligence community. 

Even though the Intelligence Authorization Act had broad, bipartisan support, its passage was not without difficulty. Just before it was put to a vote, the Senate quietly inserted an amendment dealing with “procedures for the retention of incidentally acquired communications.” The amendment, section 309 of the Act, requires authorities in the intelligence community to adopt procedures for disposing of private communications that were obtained without a warrant, subpoena, or similar legal device. The bill places a five-year limitation on the retention of such communications, unless they are determined to be necessary for national security purposes, criminal investigations, or are from people not protected by the Foreign Intelligence Surveillance Act. 

The House originally intended to pass the Senate version with a voice vote.  At the last minute, however, the staff of Rep. Justin Amash (R-MI) noticed the new Senate provision. Congressman Amash rushed to the House floor and demanded a recorded vote. He urged his colleagues to vote against the measure, arguing that the amendment would allow the intelligence community to transfer private communications obtained without a warrant to domestic law enforcement for criminal investigations.  Supporters responded that the new measure would actually restrict warrantless data collection. The bill passed the House on a 325-100 vote.

About The Author

Thomas A. Leonard joined Cozen O'Connor's Philadelphia office in 2013 as an associate in the firm's Litigation Section. Thomas graduated from Villanova University School of Law, cum laude, and Boston University, cum laude, with a Bachelor of Arts in political science. Thomas graded onto Villanova Law Review after his first year. He interned for the Honorable Berle Schiller of the U.S. District Court for the Eastern District of Pennsylvania.

Posted in Legislation

Leave a Reply

Your email address will not be published. Required fields are marked *


About Cyber Law Monitor
In the new digital world, individuals and businesses are almost entirely dependent on computer technology and electronic communications to function on a daily basis. Although the power of modern technology is a source of opportunity and inspiration—it also poses huge challenges, from protecting privacy and securing proprietary data to adhering to fast-changing statutory and regulatory requirements. The Cyber Law Monitor blog covers privacy, data security, technology, and cyber space. It tracks major legal and policy developments and provides analysis of current events.
Subscribe For Updates


Cozen O’Connor Blogs