Week ahead: Path clears for cyber talks

Things are starting to fall into place for Congress’s conference negotiations on major cybersecurity legislation, which are likely to begin in earnest in the coming weeks.

Both chambers have approved bills that would encourage businesses to share more data on hackers with the government, with the Senate passing the Cybersecurity Information Sharing Act on Tuesday.

But discussions on how to merge those bills were in limbo for days as the House worked out its leadership changes.

{mosads}The election of Rep. Paul Ryan (R-Wis.) as Speaker, and Ryan’s decision to keep Rep. Devin Nunes (R-Calif.) as chair of the House Intelligence Committee now clears the path for talks.

As head of the Intel panel, Nunes joined with the committee’s ranking member, Rep. Adam Schiff (D-Calif.), to back the Protecting Cyber Networks Act, one of two complementary cyber info-sharing bills the House passed on back-to-back days in April.

Staying at his post will give some certainty to the potentially difficult task of how to merge the three cyber info-sharing bills.

“As we move forward under the leadership of Speaker Ryan, it will be important to complete the good work we have done on an intelligence authorization bill and to get cybersecurity legislation passed to the president’s desk,” Nunes said.

The House Homeland Security Committee leaders, Chairman Michael McCaul (R-Texas) and Ranking Member Bennie Thompson (D-Miss.), are backing the other House bill, known as the National Cybersecurity Protection Advancement Act.

Elsewhere, the House will dive into a recent European Court of Justice decision that invalidated a long-standing Safe Harbor data-sharing pact between the U.S. and European Union, leaving more than 4,000 companies scrambling to find new ways to legally transfer data across the Atlantic.

In two separate hearings on Tuesday, the House Energy and Commerce Committee and the House Judiciary Committee will both tackle the subject.

In the wake of the court’s ruling, Germany’s privacy regulators announced they would investigate data transfers from the EU to the U.S. from companies such as Google and Facebook.

The incident has raised pressure on negotiators to resurrect the Safe Harbor program, which had previously let companies self-certify that they met the more-stringent European privacy protection laws in order to handle EU data.

Both U.S. and EU officials indicated this week that a Safe Harbor 2.0 pact may be on the horizon.

EU Justice Commissioner Věra Jourová told European lawmakers that a new, more-stringent Safe Harbor pact had been agreed to “in principle” but that a final deal may still be months away. Commerce Secretary Penny Pritzker was slightly more optimistic, indicating the deal could be completed by mid-November.

On the Senate side, the Judiciary Committee will explore data brokers’ cybersecurity practices.

Security specialists have long worried that data brokers — who hold a treasure trove of sensitive information — are vulnerable to catastrophic hacks. Regulators and some lawmakers are concerned that these companies, which collect, handle and sell reams of digital data, are not subject to strict security requirements.

The topic has been in the news recently after 15 million T-Mobile customers had their personal information exposed when hackers hit Experian, one of the largest credit agency data brokers.

The intrusion compromised highly personal information such as Social Security numbers and even some data that Experian said was encrypted, resurrecting fears of lax security measures at these type of companies.

The Senate Armed Services Committee will also take a look at the future of warfare, with testimony from Keith Alexander, former head of the National Security Agency. Alexander made efforts to warn of the looming threat of cyber warfare while in office.

MORE STORIES:

President Obama warned of the power grid’s lagging cyber defenses as he declared November Critical Infrastructure Security and Resilience Month: http://bit.ly/20eFz1e

The government is moving forward with new cybersecurity requirements for nuclear power plants: http://bit.ly/1LGI2Kq

Cybersecurity was noticeably absent from the main Republican presidential debate Wednesday night: http://bit.ly/1NdNN4u

Another teen was arrested in the mammoth TalkTalk hack: http://bit.ly/1NFCLmY

A petition pressing the White House to renounce any policies that would undermine encryption passed the threshold required to trigger a response: http://bit.ly/1ijG4VG