Congressional Cybersecurity Oversight: Whoos Who and How It Works

Abstract

Cybersecurity remains perhaps the greatest challenge to the economic and physical well being of governments, individuals, and business worldwide. During recent months the United States has witnessed many disruptive and expensive cyber breaches. No single U.S. governmental agency or congressional committee maintains primary responsibility for the numerous issues related to cybersecurity. Good oversight stands at the core of good government. Oversight is Congress’s way of making sure that the administration is carrying out federal law in the way Congress intended. So many aspects of cybersecurity have the potential for use by: terrorists; by foreign entities as a tool to conduct industrial espionage against U.S. business; and by nation state adversaries, or others intent upon creating serious disruption. These various threats mean that cybersecurity policy in many ways must be treated just like the strategic and operational plans of a country at war. The purpose of this article is to provide a road map of the various congressional committees exercising jurisdiction over matters relating to cybersecurity. First, a few thoughts are offered about the role of Congressional oversight. Second, for perspective, a brief outline of how the executive branch, in the absence of legislation between 2002 and December 2014, handled responsibility for all things cyber. Next, a discussion of Congressional cybersecurity oversight for the 114 th Congress is provided, including an analysis of committee jurisdiction, leadership, membership, and key staff. Finally, the important role contributed by professional congressional staff, the Government Accountability Office, Congressional Budget Office, and the Library of Congress Congressional Research Service (CRS) is covered. My hope is that this article will add to