The WHAT is back from a long winter hibernation. Since the holidays, NASCIO has released its federal advocacy priorities for the year:
- Cybersecurity: Securing Public Networks, Readying the Nation
- Modernize Outdated Federal Regulations Impacting State IT
- Building a Sustainable Nationwide Public Safety Network
- Collaboration on Broadband and Telecommunications
We urge you to take a look at the fact sheets and see specific areas we see as ripe for collaboration and reform. Over the course of the week, we’ll look at where each of these issues stand at the beginning of 2015.
Technology has been driving a great deal of the discussion in Washington thus far this year, and cybersecurity has been dominating the conversation—overshadowing net neutrality and other divisive issues. NASCIO is supporting greater resources for bolstering state IT security and the IT workforce that supports it. We also see opportunities to modernize the regulatory environment around IT system security to create more efficient use of funds. More on this to come, but for now, here’s a rundown on what’s happening with cybersecurity policy in Washington…
Cyber Leads On All Fronts
Beyond headlining our advocacy list, it is the state CIOs top policy priority for 2015. Everyone is talking cyber in Washington, too—from President Obama in his State of the Union and his budget, to members of Congress on the Hill, to the National Governors Association in their State of the States. Here’s a “speed read” on what is being said by whom, and what it means to the state technology community.
Presidential Words and Action: The President made clear in his January State of the Union that he believed much more work is yet to be done on cybersecurity. That was not the first word this year though; in the lead up to the speech, President Obama proposed a number of cybersecurity and data privacy initiatives. This includes legislation updating law enforcement provisions for stopping and prosecuting those involved in cyber breaches or attacks, promoting greater cyber threat information sharing across the private and public sector, creating a national data breach notification standard for private and non-profit organizations, and student data privacy standards. In addition to the legislation, additional executive actions are expected on a number of fronts, starting with maturing information sharing through promoting information sharing and analysis organizations (better known as ISACs), expected next week.
In the meantime, agencies beyond the Department of Homeland Security—including NIST, the Department of Justice, the Department of Commerce, and the Federal Trade Commission—are actively investigating new policies, programs, regulations, and products surrounding IT privacy and security concerns. The President is also proposing an increased level of expenditures on cybersecurity within the federal enterprise in the FY 2016 budget. More can be found on the request for $14 billion in (non-classified) cybersecurity expenditures on this White House fact sheet—that’s $1 billion more than last year. While much of it is R&D and internal federal security, there’s also significant focus on information sharing.
Congress: Both the House and Senate are not interested in leaving all the discussions to the executive branch. A slew of committee hearings on cybersecurity or data privacy have already occurred in the first month of the new Congress. The Senate Homeland Security and Government Affairs Committee’s first committee hearing of the new Congress was on cyber threat information sharing. It has also entered the conversations surrounding Attorney General nominee Loretta Lynch’s confirmation hearings—appropriate as the Department of Justice looks to reorganize its cybersecurity activities.
While it doesn’t appear any legislation is being fast tracked, even the committee structures show that cybersecurity and data privacy will remain key focal points. The Senate Commerce Committee will have its first hearing on data breach notification legislation, which would likely preempt most state notification laws, this week.
States: Beyond the beltway, governors are beginning to raise the profile of technology in their states, and cybersecurity specifically made it into the state of the state speeches of at least three Governors so far this year (Virginia, Nevada, and Missouri). In addition, the National Governors Association highlighted it in the State of the States address, and is continuing to make it a priority through both their Center for Best Practices and Federal Relations departments. It is also likely to play a significant role during their Winter Meeting in Washington, DC next week. Finally, the Council of Governors—which historically has served as an advisory council between the National Guard and federal government—is working with the Department of Homeland Security on developing a list of concerns and issues they would like to collaborate with DHS on to improve the state cybersecurity posture.
We’ll keep you updated on all these issues as they move forward.
Techbytes
FTC Recommends Caution on Regulation, but Data Privacy for IoT
FCC Quadruples the Speed of ‘Broadband’ (The Definition, That is)
White House report on Community-Based Broadband Solutions
Trial to Study TV White Spaces for Disaster Planning
Developing Identity and Access Management Standards for FirstNet, Law Enforcement Networks
My Interview with DorobekINSIDER on NASCIO Advocacy Priorities