Although there are a handful of races still outstanding, majorities for both sides of Congress have already been called with narrow margins between Democrats and Republicans. In an increasingly partisan atmosphere, it will be more difficult than ever to advance policy priorities with the bipartisanship required to get any legislation signed into law in the 118th Congress.
However, cybersecurity policy represents a policy arena where leaders from both parties can cross party lines and meet in the middle to create bipartisan wins, with strong support from the Biden administration. Especially as we approach the 2024 electoral cycle, policymakers will be focused on securing these wins wherever they can, and cyber policy is one of the few remaining policy areas where both sides can come together on policy.
There are several dynamics at play that provide an ideal environment for cybersecurity policies to advance in the 118th Congress. Most notably, there is a balance between incumbent cybersecurity champions that have remained in Congress, along with fresh opportunities for new members to get involved due to several cyber champions retiring at the end of the 117th Congress. This leaves open several spaces on relevant cyber-focused committees and subcommittees to be filled by new members hoping to make an impact, while also being guided by experienced lawmakers who have previously been successful in advancing bipartisan cyber policies.
There are several key areas of cybersecurity policy that are ripe for attention and remain outstanding from the considerable work that was achieved in the 117th Congress. There will be ample opportunities in the 118th Congress for both new and old lawmakers to get involved, including:
CISA Growth and Reforms: There have already been strong efforts to scale the authorities provided to the Department of Homeland Security’s Cybersecurity & Infrastructure Agency (CISA) to oversee much of the federal government’s work in cybersecurity. This will continue in the 118th Congress, along with more oversight from House Republicans. However, there will be bipartisan support for growing the agency’s ability to counter threat actors from China and Russia, as well as to bolster the cybersecurity workforce.
Harmonizing Responsibilities of Cyber Agencies: There are now several federal offices focused on cyber agencies, and lawmakers will likely continue to work to better delineate the responsibilities between these offices – especially between CISA and the White House Office of the National Cyber Director.
Codifying Systemically Important Entities: There has been an ongoing push for codifying “systemically important” entities, especially for critical infrastructure providers. This has been a key priority to protect such infrastructure – maintained by both public and private entities – from the increasing threat of cyberattacks. While there was an effort to include this policy in the FY2023 NDAA, it seems unlikely that it will advance this year.
FISMA and FedRAMP: Two key priorities for several lawmakers in the 117th Congress was to modernize the Federal Information Security Management Act and to finally codify the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP). While this effort passed the Senate with bipartisan support in March this year, the effort stalled and ultimately failed in the House due to differences between House and Senate lawmakers. Both government programs are essential to keeping key information technology secure from cyber threats, and this will be an opportunity in the 118th Congress.
Comments