
A Glimpse Into Federal Cyber Security Policy with Rep. Mike McCaul

By John Dickson

I recently had the opportunity to participate in a US Chamber of Commerce public policy discussion in Washington DC with Representative Michael McCaul (Twitter: @McCaulPressShop) who is a Congressman from Central Texas and is Chairman of the House Homeland Security Committee.  This committee, along with its counterpart in the Senate, helps develop cyber security legislation in the U.S.  Although the event occurred the week after RSA, this group of security industry leaders could not have been more different than the typical RSA attendee.  For starters, everyone wore suits…

Some additional background is of value here…  Rep. McCaul is a cyber security policy veteran in Washington DC.  In his new position as the House Homeland Security Committee Chairman, McCaul is now also the House of Representatives point person for any proposed cyber security Federal legislation coming out of the House.  As such, he has a lot of power to affect the future of our country, and although he’s not a technology guy per se (he’s an attorney), he has a solid grasp of the critical high-level cyber security and privacy public policy issues that most of us are comfortable letting others handle.

In last month’s policy meeting, Congressman McCaul’s remarks probed many cyber security public policy “touch points” that are frequently covered in the popular press such as:

  • In spite of deep cultural issues, can the Federal government do a better job of sharing time-sanitized threat information to commercial companies in a timely manner?
  • What can companies do better in order to share this critical information amongst themselves and with the Federal government?
  • If companies do share threat and vulnerability information with the government or industry players, can they do so with better liability protections?
  • What security standard – if any – should companies be held to?

The well-dressed audience (it was the Chamber after all) listened intently while Congressman McCaul provided key updates regarding the legislative environment in this Congress. His characterization of the last Congress on cyber security legislation (“universes apart”) was probably overly kind. Given the political log-jam leading up to last fall’s election, absolutely nothing was going to get done prior to the election since both parties were reluctant to give the other party a “win” in the run-up to November. However, according to McCaul, things might be different this time.

Also discussed were the realities that much of the nation’s infrastructure, as well as its security expertise, resides in the private sector. Couple that with the reality that any legislation passed by Congress may very well be obsolete by the time it reaches the President’s desk for signing and you get the gist of the challenge here.

In spite of the acrimonious political environment surrounding the sequestration, McCaul shared with the audience that cyber security legislation was an area in which both parties might just be able to reach consensus. He cited the efforts of Michael Daniel, White House Cyber Security Coordinator, to reach out to certain Congressional Leaders to review the recent White House Executive Order issued by President Obama on February 13th of this year. Certainly the headlines involving nation state threats to our critical infrastructure and the recent Mandiant white paper highlighting China’s activities in this arena have helped drive some consensus on this issue. Perhaps many of our Congressional leaders are looking for an issue – any issue – in which they can find a modest level of agreement. Rep. McCaul’s initial analysis of the Executive Order was it:


  • Get solid feedback from the private sector
  • Better defines the role of the Department of Homeland Security


  • Voluntary standards need further definition
  • It leaves open the door to future industry regulation

Rep. McCaul insisted that two things most likely will not happen this session:

  • Anything involving the “R Word,” i.e. regulation.  There seems to be zero political appetite for turning the screws on American businesses to tighten security standards especially during these uncertain economic times.  This was welcome news to everyone in the room.
  • Ambitious legislation that helps to define all aspects of information sharing and standards that would have a profound impact across industry.  Instead, look for our elected officials to nibble around the edges of these issues and perhaps make incremental gains around information sharing.

However, one of the more interesting moments of the sessions came during the Q&A. A representative of the electrical provider in the DC area posed an intriguing question. When, not if, a sophisticated attacker breaches their utility, which Federal agency should they respond to first, and in what order? When they show up on their doorstep, should they respond to the DoD (Department of Defense), the DHS (Department of Homeland Security), the FBI, NERC (the North American Electric Reliability Corporation), FERC (the Federal Energy Regulatory Commission), or who else first? McCaul responded that they should speak to DHS first, although many members of the audience probably thought the reality would be slightly more complicated.

So, if you are interested in cyber security issues, you should probably spend some small percentage of your time keeping track of the cyber security legislative efforts and policy issues occurring at the national and state levels. It was an eye-opening experience for me and I learned a tremendous amount about how large enterprises are approaching this issue after just one session at the US Chamber. The bottom line is that you may not care about policy and politics on a day-to-day basis, but somebody within your organization does – likely someone higher up the food chain than yourself – and some day they might ask you about your interpretation of these efforts. It would be good for yourself and your organization to have an answer ready.

For some more information on budding Federal cybersecurity policy, check out:

Contact us if you have any stories you want to share about how cybersecurity legislation might impact your business.




14 Responses to “A Glimpse Into Federal Cyber Security Policy with Rep. Mike McCaul”

  1. Jeff Reich

    A very well written summary and opinion. Thanks John!

  2. Ben Rivera

    I appreciate your input, advice and meeting notes on this subject. Hopefully, the Federal government and commercial companies can find a way to share information quickly, since sharing data has been a hurdle between Fed-Fed agencies in the past. Now add Fed-Comm sharing of information…sounds difficult to implement, but much needed. Thank you.

  3. Philip J Beyer

    Thanks for sharing this summary John and for stimulating conversation on the topic of collaboration in the security community.

    I appreciate that our legislators are working on this smartly at the highest level. Not surprisingly though, I think the lion’s share of the work will have to occur between the actual organizations, their leaders, and their analysts. I’m hopeful that some of the work I’m doing, and many of the groups I’m trying to work with, will set the pace for our entire community.

    If the situation is going to improve, we all need to work together better and more often. Everyone needs to be involved too, so I’m glad that Rep. McCaul is helping to lead our Federal government in that direction.

