Blogs

Quack Quack.  Here's your lame duck Congress Weekly WHAT.  You'd be surprised how much is going on...

Key Takeaway: Is Cyber Legislation Possible in the Lame Duck Congress?

A procedural yesterday vote in the Senate doomed a chance at NSA reform before the new year, and with it the most likely vehicle to pass a number of cybersecurity bills that are important to state and local governments. It is now more likely the new Congress will need to start from scratch on information sharing and building the legislative framework for national cybersecurity policy. 

A bundle of non-controversial cybersecurity bills that cement into law and bolster ongoing federal activities now have an even narrower path to becoming law—and time stacked against them. These include: reforming FISMA (which also has a significant impact on state and local governments), supporting the cybersecurity framework and other ongoing DHS activities, and promoting cyber workforce development. These bills could conceivably be attached to ‘must pass’ legislation such as the Defense authorization bill, or even a continuing resolution to fund government, but surveillance reform, which would have been bundled with cyber information sharing legislation and perhaps these other legislative initiatives, was the most likely candidate.

This does not doom these issues forever, but does mean that new chairman will likely need to start the process over in the next Congress.  While House Homeland Security Committee Chairman Mike McCaul will stay put (and continue being a strong proponent of supporting collaboration on cyber activities throughout the public sector), all the rest of the Chairs will shuffle.  New chairmen typically mean new priorities and new hearings, making the process more onerous.

House Intelligence Committee Chairman Mike Rogers retirement will bring a new face to a key committee for any information sharing legislation.  The House Oversight and Government Reform Committee Chairmanship, which has a role in overseeing federal standards such as FISMA, will most likely turn over with Rep. Darryl Issa facing a term limit.  Of course, the Senate will completely flip as the Republicans take control of the chamber, leaving many chairmanships and thus committee priorities unclear. 

Other Buzz:
NIST Developing Standards on Securing Unclassified Federal Information Held By States, Others
In what could be a significant win for states juggling various data security rules from a myriad of federal agencies, the National Institute for Standards and Technology (NIST) is developing guidance on protecting controlled unclassified information on non-federal systems covered by the Federal Information Security Management Act (FISMA). NASCIO has been discussing with NIST and others state concerns about often redundant and occasionally conflicting information security rules from federal agencies.  Our hope is this type of guidance reduces the burden and streamline the many security regimes across federal and state programs. The initial public draft guidelines were released on November 18, and is open for public comment through January 18.  The draft, Special Publication 800-171, is available here.

Other Key Lame Duck Issues for State and Tech
Questions beyond cybersecurity legislation are up in the air for the lame duck session.  Perhaps most important is keeping the government open.  There is a divide among Republicans as to whether to pass a short term Continuing Resolution that keeps government running into the first few months of a new Congress, or a year-long omnibus spending package for fiscal 2015, that would take the issue of government funding off the table.  In order to avoid a shutdown, Congress will need to take some action by December 11.  Also, any passage of the National Defense Authorization Act (NDAA) could impact the National Guard and its role in domestic cybersecurity activities.

Outside these key bills, the “Big 7” state and local government groups are urging Congress to pass the Marketplace Fairness Act prior to adjourning for the year, which would apply state and local sales taxes to internet purchases.  In a letter released yesterday, the groups urged Congress “to combine the Marketplace Fairness Act (MFA) with a temporary extension of the Internet Tax Freedom Act (ITFA) and pass the measure this year.”  The Big 7 includes the National Governors Association, National Conference of State Legislatures, Council of State Governments, National Association of Counties, National League of Cities, U.S. Conference of Mayors, and International City/County Managers Association.

FCC Chair to Propose Further E-rate Reforms, increase in funding
Federal Communications Commission (FCC) Chairman Tom Wheeler is preparing a proposal for the next step in modernizing the E-rate broadband for schools and libraries program: providing additional funding to roll out high-speed broadband access to schools and libraries, particularly in rural areas where it is often prohibitively expensive. To do so, Wheeler is proposing an increase in the E-rate spending cap from the current $2.4 to $3.9 billion a year.  This would raise the Universal Service Fund (USF) fee on phone lines 16 cents a month. 

Over the past year, the Federal Communications Commission (FCC) reviewed the program and made several reforms to E-rate:  phasing out support for legacy services and moving that funding toward faster internal connections (Wi-Fi) within schools. In addition, the commission instituted reforms to promote regional approaches and bulk purchasing of equipment. NASCIO weighed in on these reforms (you can find our remarks at www.nascio.org/advocacy/current), and were particularly supportive of the modernization and efficiencies brought to the program.

The proposed plan will be voted on by the commission at their next public meeting on Dec. 11.

DHS Seeking Input on Critical Infrastructure R&D Plan
As part of the executive actions that the administration took on cybersecurity in February 2013, the Department of Homeland Security (DHS) is required to develop a National Critical Infrastructure Security and Resilience R&D Plan within two years. With the deadline three months away, DHS is seeking input from partners on how to proceed.  Some of the key questions include what factors should be considered and the role of the public sector.

NASCIO staff participated in a Critical Infrastructure Partnership Advisory Council (CIPAC) meeting on the plan this past week.  States and other interested parties can submit their input by December 17 here: Request for Comments and Answers to Specific Questions To Inform Development of the National Critical Infrastructure Security and Resilience (NCISR) Research and Development (R&D) Plan.


Techbytes

First phase of state consultations to be finished before fiscal 2016, FirstNet head says

FCC Auctions More Than Enough Spectrum to Fund FirstNet

Nebraska Lt. Gov. Nelson announces state broadband plan

New York City turning public pay phones into free Wi-Fi hot spots

Long-awaited FISMA Reforms May Hit Stumbling Block

Elections Shake Up Top State IT Jobs

Michigan hosts 2014 North American International Cyber Summit

Nevada Reduces Cyber Incidents by 80 Percent (ed. ...using this one simple trick!)