As Election 2020 storms toward an end point, the cyber community is pondering how a shift in Senate control from Republicans to Democrats would affect cybersecurity policy and perhaps reorient the national agenda.
Political analysts expect the House to remain firmly in Democratic hands after the Nov. 3 elections, but Senate control is hanging in the balance, with independent polls and analyses suggesting Democrats are slightly favored to win a majority, as of today.
Much depends on the outcome of the presidential race, of course, and the latest polls show Democrat Joseph Biden maintaining his lead over President Trump nationally and by a smaller margin in battleground states.
But certain themes are becoming clear when it comes to Capitol Hill and a possible power change in the Senate.
“I would generally expect that a Democratic Senate would probably push for something of a greater role for regulatory agencies -- FCC and FTC -- on a range of supply chain security, 5G security and IoT security issues,” said a source with congressional and executive branch experience.
Said another source, “If the Senate turns Democrat, I expect to see a much more prescriptive approach to private sector cyber, in particular tech companies, financial services, energy, and telecom, as well as critical infrastructure and government contractors. … In addition, I think we could see expansions of regulatory authority for several agencies.”
Megan Brown of law firm Wiley Rein pointed in particular to some of the recommendations by the nonpartisan Cyberspace Solarium Commission that are “gaining traction in a new Congress, regardless of a party switch.”
“I am particularly worried about those that are more regulatory for the private sector,” Brown said, “like labeling or the suggestions about amending Sarbanes-Oxley,” the financial-sector law, to require more corporate disclosure on cyber.
Further, Brown said, “I see continued and expanding interest in mandatory vulnerability disclosure programs, and in oversight of compliance and implementation of Section 889 of the FY2019 NDAA,” referring to the ban on the government contracting with companies that use telecommunications and surveillance equipment made by Huawei, ZTE and other Chinese companies.
Sources also noted implications from some upcoming congressional departures, like the retirement of Rep. Will Hurd (R-TX). Hurd was a “facilitator” for bipartisan cyber efforts on the Hill, according to a source, pointing to leadership on Internet of Things legislation as an example.
The horse race
The list of House incumbents on the Election Day “endangered list” is dominated by Republicans.
House members with cyber track records on the watch list include Foreign Affairs ranking member Michael McCaul (R-TX) and Small Business ranking member Steve Chabot (R-OH). The GOP side of the list also includes Reps. John Katko (R-NY), Rodney Davis (R-IL) and Brian Fitzpatrick (R-PA).
Rep. Abigail Spanberger of Virginia is the only cyber-prominent Democrat on the list, which is based on recent polling and the assessments of nonpartisan analysts Inside Elections with Nathan Gonzales and Cook Political Report.
A few senators with active cyber portfolios are facing tough re-election races. Senators in this category include Judiciary Chairman Lindsey Graham (R-SC) and Sens. Cory Gardner (R-CO) and Susan Collins (R-ME), and Homeland Security ranking member Gary Peters (D-MI) on the Democratic side.
If Peters loses, one source said, Sen. Maggie Hassan (D-NH) would be the next most senior Democrat on the committee and has been active on cyber and federal IT modernization.
Also at the Senate Homeland Security and Governmental Affairs Committee, Chairman Ron Johnson (R-WI) is scheduled to rotate out of his top position on the panel under the current GOP term-limit policy for committee leaders. Sen. Rob Portman (R-OH) would be next in line based on seniority and has also been very involved on tech and cyber issues. – Charlie Mitchell (firstname.lastname@example.org)